xDS: Add support for RBAC HTTP filter (#28309)

* xDS: ADD RBAC HTTP filter support

* sanity, upb regenerate files

* Revert PerChannelArg changes

* Reviewer comments

* Reviewer comments

* Reviewer comments

* Remove unnecessary header

* Fix sanity

* Add RBAC service config parsing tests

* Don't make a copy of the metadata batch

* Revert expr_proto changes

* Some more tests

* Reviewer comments

* Reviewer comments

* No metadata changes needed

* Fix leak of DynamicXdsServerConfigSelectorProvider

* Fix deadlock issues

* Fix test compilation
pull/28435/head
Yash Tibrewal 3 years ago committed by GitHub
parent 0dda706907
commit 6ea8214879
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 36
      BUILD
  2. 112
      CMakeLists.txt
  3. 28
      Makefile
  4. 101
      build_autogenerated.yaml
  5. 19
      config.m4
  6. 23
      config.w32
  7. 28
      gRPC-C++.podspec
  8. 50
      gRPC-Core.podspec
  9. 28
      grpc.gemspec
  10. 17
      grpc.gyp
  11. 28
      package.xml
  12. 157
      src/core/ext/filters/rbac/rbac_filter.cc
  13. 74
      src/core/ext/filters/rbac/rbac_filter.h
  14. 604
      src/core/ext/filters/rbac/rbac_service_config_parser.cc
  15. 70
      src/core/ext/filters/rbac/rbac_service_config_parser.h
  16. 3
      src/core/ext/filters/server_config_selector/server_config_selector.h
  17. 15
      src/core/ext/filters/server_config_selector/server_config_selector_filter.cc
  18. 31
      src/core/ext/transport/chttp2/server/chttp2_server.cc
  19. 61
      src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c
  20. 146
      src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h
  21. 56
      src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c
  22. 40
      src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h
  23. 154
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c
  24. 95
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h
  25. 58
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c
  26. 55
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h
  27. 44
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c
  28. 40
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h
  29. 153
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c
  30. 100
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h
  31. 75
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c
  32. 55
      src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h
  33. 5
      src/core/ext/xds/xds_http_filters.cc
  34. 551
      src/core/ext/xds/xds_http_rbac_filter.cc
  35. 54
      src/core/ext/xds/xds_http_rbac_filter.h
  36. 15
      src/core/ext/xds/xds_listener.cc
  37. 2
      src/core/ext/xds/xds_route_config.cc
  38. 82
      src/core/ext/xds/xds_server_config_fetcher.cc
  39. 2
      src/core/lib/gprpp/status_helper.cc
  40. 2
      src/core/lib/gprpp/status_helper.h
  41. 11
      src/core/lib/security/authorization/grpc_authorization_engine.cc
  42. 8
      src/core/lib/security/authorization/grpc_authorization_engine.h
  43. 4
      src/core/lib/security/authorization/rbac_policy.h
  44. 4
      src/core/plugin_registry/grpc_plugin_registry.cc
  45. 62
      src/proto/grpc/testing/xds/v3/BUILD
  46. 23
      src/proto/grpc/testing/xds/v3/expr.proto
  47. 27
      src/proto/grpc/testing/xds/v3/http_connection_manager.proto
  48. 41
      src/proto/grpc/testing/xds/v3/http_filter_rbac.proto
  49. 84
      src/proto/grpc/testing/xds/v3/metadata.proto
  50. 35
      src/proto/grpc/testing/xds/v3/path.proto
  51. 10
      src/proto/grpc/testing/xds/v3/range.proto
  52. 293
      src/proto/grpc/testing/xds/v3/rbac.proto
  53. 14
      src/python/grpcio/grpc_core_dependencies.py
  54. 33
      test/core/ext/filters/rbac/BUILD
  55. 652
      test/core/ext/filters/rbac/rbac_service_config_parser_test.cc
  56. 2
      test/core/server_config_selector/server_config_selector_test.cc
  57. 1
      test/cpp/end2end/xds/BUILD
  58. 1141
      test/cpp/end2end/xds/xds_end2end_test.cc
  59. 1
      tools/codegen/core/gen_upb_api.sh
  60. 28
      tools/doxygen/Doxyfile.c++.internal
  61. 28
      tools/doxygen/Doxyfile.core.internal
  62. 24
      tools/run_tests/generated/tests.json

36
BUILD

@ -2414,6 +2414,27 @@ grpc_cc_library(
], ],
) )
grpc_cc_library(
name = "grpc_rbac_filter",
srcs = [
"src/core/ext/filters/rbac/rbac_filter.cc",
"src/core/ext/filters/rbac/rbac_service_config_parser.cc",
],
hdrs = [
"src/core/ext/filters/rbac/rbac_filter.h",
"src/core/ext/filters/rbac/rbac_service_config_parser.h",
],
external_deps = ["absl/strings:str_format"],
language = "c++",
deps = [
"gpr_base",
"grpc_base",
"grpc_rbac_engine",
"grpc_service_config",
"json_util",
],
)
grpc_cc_library( grpc_cc_library(
name = "grpc_http_filters", name = "grpc_http_filters",
srcs = [ srcs = [
@ -2616,6 +2637,7 @@ grpc_cc_library(
"src/core/ext/xds/xds_endpoint.cc", "src/core/ext/xds/xds_endpoint.cc",
"src/core/ext/xds/xds_http_fault_filter.cc", "src/core/ext/xds/xds_http_fault_filter.cc",
"src/core/ext/xds/xds_http_filters.cc", "src/core/ext/xds/xds_http_filters.cc",
"src/core/ext/xds/xds_http_rbac_filter.cc",
"src/core/ext/xds/xds_listener.cc", "src/core/ext/xds/xds_listener.cc",
"src/core/ext/xds/xds_resource_type.cc", "src/core/ext/xds/xds_resource_type.cc",
"src/core/ext/xds/xds_route_config.cc", "src/core/ext/xds/xds_route_config.cc",
@ -2639,6 +2661,7 @@ grpc_cc_library(
"src/core/ext/xds/xds_endpoint.h", "src/core/ext/xds/xds_endpoint.h",
"src/core/ext/xds/xds_http_fault_filter.h", "src/core/ext/xds/xds_http_fault_filter.h",
"src/core/ext/xds/xds_http_filters.h", "src/core/ext/xds/xds_http_filters.h",
"src/core/ext/xds/xds_http_rbac_filter.h",
"src/core/ext/xds/xds_listener.h", "src/core/ext/xds/xds_listener.h",
"src/core/ext/xds/xds_resource_type.h", "src/core/ext/xds/xds_resource_type.h",
"src/core/ext/xds/xds_resource_type_impl.h", "src/core/ext/xds/xds_resource_type_impl.h",
@ -2676,6 +2699,7 @@ grpc_cc_library(
"grpc_fault_injection_filter", "grpc_fault_injection_filter",
"grpc_lb_xds_channel_args", "grpc_lb_xds_channel_args",
"grpc_matchers", "grpc_matchers",
"grpc_rbac_filter",
"grpc_secure", "grpc_secure",
"grpc_transport_chttp2_client_secure", "grpc_transport_chttp2_client_secure",
"json", "json",
@ -4430,6 +4454,7 @@ grpc_cc_library(
"src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c", "src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c",
"src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c", "src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c",
"src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c", "src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c",
"src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c",
"src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c", "src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c",
"src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c", "src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c",
"src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c", "src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c",
@ -4475,6 +4500,7 @@ grpc_cc_library(
"src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h", "src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h",
"src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h", "src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h",
"src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h", "src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h",
"src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h",
"src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h", "src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h",
"src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h", "src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h",
"src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h", "src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h",
@ -4538,6 +4564,7 @@ grpc_cc_library(
"src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c", "src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c", "src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c", "src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c", "src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c", "src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c", "src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c",
@ -4545,6 +4572,7 @@ grpc_cc_library(
"src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c", "src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c", "src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c", "src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c", "src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c", "src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c",
"src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c", "src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c",
@ -4582,6 +4610,7 @@ grpc_cc_library(
"src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h", "src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h", "src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h", "src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h", "src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h", "src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h", "src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h",
@ -4589,6 +4618,7 @@ grpc_cc_library(
"src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h", "src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h", "src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h", "src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h", "src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h", "src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h",
"src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h", "src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h",
@ -4620,6 +4650,7 @@ grpc_cc_library(
"envoy_core_upbdefs", "envoy_core_upbdefs",
"envoy_type_upbdefs", "envoy_type_upbdefs",
"google_api_annotations_upbdefs", "google_api_annotations_upbdefs",
"google_api_expr_upbdefs",
"google_rpc_status_upbdefs", "google_rpc_status_upbdefs",
"proto_gen_validate_upbdefs", "proto_gen_validate_upbdefs",
"protobuf_any_upbdefs", "protobuf_any_upbdefs",
@ -5182,6 +5213,11 @@ grpc_upb_proto_library(
deps = ["@com_google_googleapis//google/api/expr/v1alpha1:expr_proto"], deps = ["@com_google_googleapis//google/api/expr/v1alpha1:expr_proto"],
) )
grpc_upb_proto_reflection_library(
name = "google_api_expr_upbdefs",
deps = ["@com_google_googleapis//google/api/expr/v1alpha1:expr_proto"],
)
grpc_upb_proto_library( grpc_upb_proto_library(
name = "google_rpc_status_upb", name = "google_rpc_status_upb",
deps = ["@com_google_googleapis//google/rpc:status_proto"], deps = ["@com_google_googleapis//google/rpc:status_proto"],

112
CMakeLists.txt generated

@ -530,6 +530,9 @@ protobuf_generate_grpc_cpp(
protobuf_generate_grpc_cpp( protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/endpoint.proto src/proto/grpc/testing/xds/v3/endpoint.proto
) )
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/expr.proto
)
protobuf_generate_grpc_cpp( protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/extension.proto src/proto/grpc/testing/xds/v3/extension.proto
) )
@ -542,6 +545,9 @@ protobuf_generate_grpc_cpp(
protobuf_generate_grpc_cpp( protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/http_connection_manager.proto src/proto/grpc/testing/xds/v3/http_connection_manager.proto
) )
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/http_filter_rbac.proto
)
protobuf_generate_grpc_cpp( protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/listener.proto src/proto/grpc/testing/xds/v3/listener.proto
) )
@ -551,9 +557,15 @@ protobuf_generate_grpc_cpp(
protobuf_generate_grpc_cpp( protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/lrs.proto src/proto/grpc/testing/xds/v3/lrs.proto
) )
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/metadata.proto
)
protobuf_generate_grpc_cpp( protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/orca_load_report.proto src/proto/grpc/testing/xds/v3/orca_load_report.proto
) )
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/path.proto
)
protobuf_generate_grpc_cpp( protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/percent.proto src/proto/grpc/testing/xds/v3/percent.proto
) )
@ -563,6 +575,9 @@ protobuf_generate_grpc_cpp(
protobuf_generate_grpc_cpp( protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/range.proto src/proto/grpc/testing/xds/v3/range.proto
) )
protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/rbac.proto
)
protobuf_generate_grpc_cpp( protobuf_generate_grpc_cpp(
src/proto/grpc/testing/xds/v3/regex.proto src/proto/grpc/testing/xds/v3/regex.proto
) )
@ -924,6 +939,7 @@ if(gRPC_BUILD_TESTS)
add_dependencies(buildtests_cxx qps_worker) add_dependencies(buildtests_cxx qps_worker)
add_dependencies(buildtests_cxx race_test) add_dependencies(buildtests_cxx race_test)
add_dependencies(buildtests_cxx raw_end2end_test) add_dependencies(buildtests_cxx raw_end2end_test)
add_dependencies(buildtests_cxx rbac_service_config_parser_test)
add_dependencies(buildtests_cxx rbac_translator_test) add_dependencies(buildtests_cxx rbac_translator_test)
add_dependencies(buildtests_cxx ref_counted_ptr_test) add_dependencies(buildtests_cxx ref_counted_ptr_test)
add_dependencies(buildtests_cxx ref_counted_test) add_dependencies(buildtests_cxx ref_counted_test)
@ -1218,10 +1234,7 @@ endif()
if(gRPC_BUILD_TESTS) if(gRPC_BUILD_TESTS)
add_library(end2end_tests add_library(end2end_tests
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_policy_provider.cc src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/rbac_translator.cc src/core/lib/security/authorization/rbac_translator.cc
test/core/compression/args_utils.cc test/core/compression/args_utils.cc
test/core/end2end/cq_verifier.cc test/core/end2end/cq_verifier.cc
@ -1596,6 +1609,8 @@ add_library(grpc
src/core/ext/filters/http/server/http_server_filter.cc src/core/ext/filters/http/server/http_server_filter.cc
src/core/ext/filters/max_age/max_age_filter.cc src/core/ext/filters/max_age/max_age_filter.cc
src/core/ext/filters/message_size/message_size_filter.cc src/core/ext/filters/message_size/message_size_filter.cc
src/core/ext/filters/rbac/rbac_filter.cc
src/core/ext/filters/rbac/rbac_service_config_parser.cc
src/core/ext/filters/server_config_selector/server_config_selector.cc src/core/ext/filters/server_config_selector/server_config_selector.cc
src/core/ext/filters/server_config_selector/server_config_selector_filter.cc src/core/ext/filters/server_config_selector/server_config_selector_filter.cc
src/core/ext/service_config/service_config.cc src/core/ext/service_config/service_config.cc
@ -1677,6 +1692,7 @@ add_library(grpc
src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c
src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c
src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c
src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c
src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c
src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c
@ -1777,6 +1793,7 @@ add_library(grpc
src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c
src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c
src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c
src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c
src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c
src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c
src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c
@ -1784,6 +1801,7 @@ add_library(grpc
src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c
src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c
src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c
src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c
@ -1815,6 +1833,11 @@ add_library(grpc
src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c
src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c
src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c
src/core/ext/upbdefs-generated/google/api/http.upbdefs.c src/core/ext/upbdefs-generated/google/api/http.upbdefs.c
src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c
src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c
@ -1852,6 +1875,7 @@ add_library(grpc
src/core/ext/xds/xds_endpoint.cc src/core/ext/xds/xds_endpoint.cc
src/core/ext/xds/xds_http_fault_filter.cc src/core/ext/xds/xds_http_fault_filter.cc
src/core/ext/xds/xds_http_filters.cc src/core/ext/xds/xds_http_filters.cc
src/core/ext/xds/xds_http_rbac_filter.cc
src/core/ext/xds/xds_listener.cc src/core/ext/xds/xds_listener.cc
src/core/ext/xds/xds_resource_type.cc src/core/ext/xds/xds_resource_type.cc
src/core/ext/xds/xds_route_config.cc src/core/ext/xds/xds_route_config.cc
@ -1994,6 +2018,9 @@ add_library(grpc
src/core/lib/resource_quota/trace.cc src/core/lib/resource_quota/trace.cc
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc src/core/lib/security/authorization/authorization_policy_provider_vtable.cc
src/core/lib/security/authorization/evaluate_args.cc src/core/lib/security/authorization/evaluate_args.cc
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/sdk_server_authz_filter.cc src/core/lib/security/authorization/sdk_server_authz_filter.cc
src/core/lib/security/context/security_context.cc src/core/lib/security/context/security_context.cc
src/core/lib/security/credentials/alts/alts_credentials.cc src/core/lib/security/credentials/alts/alts_credentials.cc
@ -6427,10 +6454,7 @@ endif()
if(gRPC_BUILD_TESTS) if(gRPC_BUILD_TESTS)
add_executable(public_headers_must_be_c89 add_executable(public_headers_must_be_c89
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_policy_provider.cc src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/rbac_translator.cc src/core/lib/security/authorization/rbac_translator.cc
test/core/surface/public_headers_must_be_c89.c test/core/surface/public_headers_must_be_c89.c
) )
@ -7900,9 +7924,6 @@ endif()
if(gRPC_BUILD_TESTS) if(gRPC_BUILD_TESTS)
add_executable(authorization_matchers_test add_executable(authorization_matchers_test
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
test/core/security/authorization_matchers_test.cc test/core/security/authorization_matchers_test.cc
third_party/googletest/googletest/src/gtest-all.cc third_party/googletest/googletest/src/gtest-all.cc
third_party/googletest/googlemock/src/gmock-all.cc third_party/googletest/googlemock/src/gmock-all.cc
@ -7938,10 +7959,7 @@ endif()
if(gRPC_BUILD_TESTS) if(gRPC_BUILD_TESTS)
add_executable(authorization_policy_provider_test add_executable(authorization_policy_provider_test
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_policy_provider.cc src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/rbac_translator.cc src/core/lib/security/authorization/rbac_translator.cc
src/cpp/server/authorization_policy_provider.cc src/cpp/server/authorization_policy_provider.cc
test/cpp/server/authorization_policy_provider_test.cc test/cpp/server/authorization_policy_provider_test.cc
@ -8548,9 +8566,6 @@ if(gRPC_BUILD_TESTS)
add_executable(cel_authorization_engine_test add_executable(cel_authorization_engine_test
src/core/lib/security/authorization/cel_authorization_engine.cc src/core/lib/security/authorization/cel_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
test/core/security/cel_authorization_engine_test.cc test/core/security/cel_authorization_engine_test.cc
third_party/googletest/googletest/src/gtest-all.cc third_party/googletest/googletest/src/gtest-all.cc
third_party/googletest/googlemock/src/gmock-all.cc third_party/googletest/googlemock/src/gmock-all.cc
@ -10918,9 +10933,6 @@ endif()
if(gRPC_BUILD_TESTS) if(gRPC_BUILD_TESTS)
add_executable(grpc_authorization_engine_test add_executable(grpc_authorization_engine_test
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
test/core/security/grpc_authorization_engine_test.cc test/core/security/grpc_authorization_engine_test.cc
third_party/googletest/googletest/src/gtest-all.cc third_party/googletest/googletest/src/gtest-all.cc
third_party/googletest/googlemock/src/gmock-all.cc third_party/googletest/googlemock/src/gmock-all.cc
@ -10956,10 +10968,7 @@ endif()
if(gRPC_BUILD_TESTS) if(gRPC_BUILD_TESTS)
add_executable(grpc_authorization_policy_provider_test add_executable(grpc_authorization_policy_provider_test
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_policy_provider.cc src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/rbac_translator.cc src/core/lib/security/authorization/rbac_translator.cc
test/core/security/grpc_authorization_policy_provider_test.cc test/core/security/grpc_authorization_policy_provider_test.cc
third_party/googletest/googletest/src/gtest-all.cc third_party/googletest/googletest/src/gtest-all.cc
@ -13991,14 +14000,46 @@ target_link_libraries(raw_end2end_test
) )
endif()
if(gRPC_BUILD_TESTS)
add_executable(rbac_service_config_parser_test
test/core/ext/filters/rbac/rbac_service_config_parser_test.cc
third_party/googletest/googletest/src/gtest-all.cc
third_party/googletest/googlemock/src/gmock-all.cc
)
target_include_directories(rbac_service_config_parser_test
PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}
${CMAKE_CURRENT_SOURCE_DIR}/include
${_gRPC_ADDRESS_SORTING_INCLUDE_DIR}
${_gRPC_RE2_INCLUDE_DIR}
${_gRPC_SSL_INCLUDE_DIR}
${_gRPC_UPB_GENERATED_DIR}
${_gRPC_UPB_GRPC_GENERATED_DIR}
${_gRPC_UPB_INCLUDE_DIR}
${_gRPC_XXHASH_INCLUDE_DIR}
${_gRPC_ZLIB_INCLUDE_DIR}
third_party/googletest/googletest/include
third_party/googletest/googletest
third_party/googletest/googlemock/include
third_party/googletest/googlemock
${_gRPC_PROTO_GENS_DIR}
)
target_link_libraries(rbac_service_config_parser_test
${_gRPC_PROTOBUF_LIBRARIES}
${_gRPC_ALLTARGETS_LIBRARIES}
grpc_test_util
)
endif() endif()
if(gRPC_BUILD_TESTS) if(gRPC_BUILD_TESTS)
add_executable(rbac_translator_test add_executable(rbac_translator_test
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_policy_provider.cc src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/rbac_translator.cc src/core/lib/security/authorization/rbac_translator.cc
test/core/security/rbac_translator_test.cc test/core/security/rbac_translator_test.cc
third_party/googletest/googletest/src/gtest-all.cc third_party/googletest/googletest/src/gtest-all.cc
@ -14409,10 +14450,7 @@ add_executable(sdk_authz_end2end_test
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.grpc.pb.cc ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.pb.h ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.grpc.pb.h ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/simple_messages.grpc.pb.h
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_policy_provider.cc src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/rbac_translator.cc src/core/lib/security/authorization/rbac_translator.cc
src/cpp/server/authorization_policy_provider.cc src/cpp/server/authorization_policy_provider.cc
test/cpp/end2end/sdk_authz_end2end_test.cc test/cpp/end2end/sdk_authz_end2end_test.cc
@ -17010,6 +17048,10 @@ if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_MAC OR _gRPC_PLATFORM_POSIX)
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/endpoint.grpc.pb.cc ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/endpoint.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/endpoint.pb.h ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/endpoint.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/endpoint.grpc.pb.h ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/endpoint.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/expr.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/expr.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/expr.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/expr.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/extension.pb.cc ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/extension.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/extension.grpc.pb.cc ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/extension.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/extension.pb.h ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/extension.pb.h
@ -17026,6 +17068,10 @@ if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_MAC OR _gRPC_PLATFORM_POSIX)
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/http_connection_manager.grpc.pb.cc ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/http_connection_manager.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/http_connection_manager.pb.h ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/http_connection_manager.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/http_connection_manager.grpc.pb.h ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/http_connection_manager.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/http_filter_rbac.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/http_filter_rbac.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/http_filter_rbac.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/http_filter_rbac.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/listener.pb.cc ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/listener.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/listener.grpc.pb.cc ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/listener.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/listener.pb.h ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/listener.pb.h
@ -17038,6 +17084,14 @@ if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_MAC OR _gRPC_PLATFORM_POSIX)
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/lrs.grpc.pb.cc ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/lrs.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/lrs.pb.h ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/lrs.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/lrs.grpc.pb.h ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/lrs.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/metadata.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/metadata.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/metadata.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/metadata.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/path.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/path.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/path.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/path.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/percent.pb.cc ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/percent.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/percent.grpc.pb.cc ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/percent.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/percent.pb.h ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/percent.pb.h
@ -17050,6 +17104,10 @@ if(_gRPC_PLATFORM_LINUX OR _gRPC_PLATFORM_MAC OR _gRPC_PLATFORM_POSIX)
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/range.grpc.pb.cc ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/range.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/range.pb.h ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/range.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/range.grpc.pb.h ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/range.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/rbac.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/rbac.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/rbac.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/rbac.grpc.pb.h
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/regex.pb.cc ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/regex.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/regex.grpc.pb.cc ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/regex.grpc.pb.cc
${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/regex.pb.h ${_gRPC_PROTO_GENS_DIR}/src/proto/grpc/testing/xds/v3/regex.pb.h

28
Makefile generated

@ -1096,6 +1096,8 @@ LIBGRPC_SRC = \
src/core/ext/filters/http/server/http_server_filter.cc \ src/core/ext/filters/http/server/http_server_filter.cc \
src/core/ext/filters/max_age/max_age_filter.cc \ src/core/ext/filters/max_age/max_age_filter.cc \
src/core/ext/filters/message_size/message_size_filter.cc \ src/core/ext/filters/message_size/message_size_filter.cc \
src/core/ext/filters/rbac/rbac_filter.cc \
src/core/ext/filters/rbac/rbac_service_config_parser.cc \
src/core/ext/filters/server_config_selector/server_config_selector.cc \ src/core/ext/filters/server_config_selector/server_config_selector.cc \
src/core/ext/filters/server_config_selector/server_config_selector_filter.cc \ src/core/ext/filters/server_config_selector/server_config_selector_filter.cc \
src/core/ext/service_config/service_config.cc \ src/core/ext/service_config/service_config.cc \
@ -1177,6 +1179,7 @@ LIBGRPC_SRC = \
src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c \ src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c \ src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c \ src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c \ src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c \ src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c \
src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c \ src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c \
@ -1277,6 +1280,7 @@ LIBGRPC_SRC = \
src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c \
@ -1284,6 +1288,7 @@ LIBGRPC_SRC = \
src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c \
@ -1315,6 +1320,11 @@ LIBGRPC_SRC = \
src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c \ src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/http.upbdefs.c \ src/core/ext/upbdefs-generated/google/api/http.upbdefs.c \
src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c \ src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c \
src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c \ src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c \
@ -1352,6 +1362,7 @@ LIBGRPC_SRC = \
src/core/ext/xds/xds_endpoint.cc \ src/core/ext/xds/xds_endpoint.cc \
src/core/ext/xds/xds_http_fault_filter.cc \ src/core/ext/xds/xds_http_fault_filter.cc \
src/core/ext/xds/xds_http_filters.cc \ src/core/ext/xds/xds_http_filters.cc \
src/core/ext/xds/xds_http_rbac_filter.cc \
src/core/ext/xds/xds_listener.cc \ src/core/ext/xds/xds_listener.cc \
src/core/ext/xds/xds_resource_type.cc \ src/core/ext/xds/xds_resource_type.cc \
src/core/ext/xds/xds_route_config.cc \ src/core/ext/xds/xds_route_config.cc \
@ -1494,6 +1505,9 @@ LIBGRPC_SRC = \
src/core/lib/resource_quota/trace.cc \ src/core/lib/resource_quota/trace.cc \
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \ src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \
src/core/lib/security/authorization/evaluate_args.cc \ src/core/lib/security/authorization/evaluate_args.cc \
src/core/lib/security/authorization/grpc_authorization_engine.cc \
src/core/lib/security/authorization/matchers.cc \
src/core/lib/security/authorization/rbac_policy.cc \
src/core/lib/security/authorization/sdk_server_authz_filter.cc \ src/core/lib/security/authorization/sdk_server_authz_filter.cc \
src/core/lib/security/context/security_context.cc \ src/core/lib/security/context/security_context.cc \
src/core/lib/security/credentials/alts/alts_credentials.cc \ src/core/lib/security/credentials/alts/alts_credentials.cc \
@ -2744,6 +2758,8 @@ src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc: $(OPEN
src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc: $(OPENSSL_DEP) src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc: $(OPENSSL_DEP)
src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc: $(OPENSSL_DEP) src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc: $(OPENSSL_DEP)
src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc: $(OPENSSL_DEP) src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc: $(OPENSSL_DEP)
src/core/ext/filters/rbac/rbac_filter.cc: $(OPENSSL_DEP)
src/core/ext/filters/rbac/rbac_service_config_parser.cc: $(OPENSSL_DEP)
src/core/ext/filters/server_config_selector/server_config_selector.cc: $(OPENSSL_DEP) src/core/ext/filters/server_config_selector/server_config_selector.cc: $(OPENSSL_DEP)
src/core/ext/filters/server_config_selector/server_config_selector_filter.cc: $(OPENSSL_DEP) src/core/ext/filters/server_config_selector/server_config_selector_filter.cc: $(OPENSSL_DEP)
src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc: $(OPENSSL_DEP) src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc: $(OPENSSL_DEP)
@ -2790,6 +2806,7 @@ src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c: $(OPENSSL_DE
src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c: $(OPENSSL_DEP) src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c: $(OPENSSL_DEP)
src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c: $(OPENSSL_DEP) src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c: $(OPENSSL_DEP)
src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c: $(OPENSSL_DEP) src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c: $(OPENSSL_DEP)
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c: $(OPENSSL_DEP)
src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c: $(OPENSSL_DEP) src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c: $(OPENSSL_DEP)
src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c: $(OPENSSL_DEP) src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c: $(OPENSSL_DEP)
src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c: $(OPENSSL_DEP) src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c: $(OPENSSL_DEP)
@ -2881,6 +2898,7 @@ src/core/ext/upbdefs-generated/envoy/config/listener/v3/quic_config.upbdefs.c: $
src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c: $(OPENSSL_DEP)
@ -2888,6 +2906,7 @@ src/core/ext/upbdefs-generated/envoy/config/trace/v3/http_tracer.upbdefs.c: $(OP
src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c: $(OPENSSL_DEP)
@ -2919,6 +2938,11 @@ src/core/ext/upbdefs-generated/envoy/type/v3/percent.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/api/http.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/google/api/http.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c: $(OPENSSL_DEP)
src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c: $(OPENSSL_DEP) src/core/ext/upbdefs-generated/google/protobuf/duration.upbdefs.c: $(OPENSSL_DEP)
@ -2955,6 +2979,7 @@ src/core/ext/xds/xds_common_types.cc: $(OPENSSL_DEP)
src/core/ext/xds/xds_endpoint.cc: $(OPENSSL_DEP) src/core/ext/xds/xds_endpoint.cc: $(OPENSSL_DEP)
src/core/ext/xds/xds_http_fault_filter.cc: $(OPENSSL_DEP) src/core/ext/xds/xds_http_fault_filter.cc: $(OPENSSL_DEP)
src/core/ext/xds/xds_http_filters.cc: $(OPENSSL_DEP) src/core/ext/xds/xds_http_filters.cc: $(OPENSSL_DEP)
src/core/ext/xds/xds_http_rbac_filter.cc: $(OPENSSL_DEP)
src/core/ext/xds/xds_listener.cc: $(OPENSSL_DEP) src/core/ext/xds/xds_listener.cc: $(OPENSSL_DEP)
src/core/ext/xds/xds_resource_type.cc: $(OPENSSL_DEP) src/core/ext/xds/xds_resource_type.cc: $(OPENSSL_DEP)
src/core/ext/xds/xds_route_config.cc: $(OPENSSL_DEP) src/core/ext/xds/xds_route_config.cc: $(OPENSSL_DEP)
@ -2964,6 +2989,9 @@ src/core/lib/http/httpcli_security_connector.cc: $(OPENSSL_DEP)
src/core/lib/matchers/matchers.cc: $(OPENSSL_DEP) src/core/lib/matchers/matchers.cc: $(OPENSSL_DEP)
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc: $(OPENSSL_DEP) src/core/lib/security/authorization/authorization_policy_provider_vtable.cc: $(OPENSSL_DEP)
src/core/lib/security/authorization/evaluate_args.cc: $(OPENSSL_DEP) src/core/lib/security/authorization/evaluate_args.cc: $(OPENSSL_DEP)
src/core/lib/security/authorization/grpc_authorization_engine.cc: $(OPENSSL_DEP)
src/core/lib/security/authorization/matchers.cc: $(OPENSSL_DEP)
src/core/lib/security/authorization/rbac_policy.cc: $(OPENSSL_DEP)
src/core/lib/security/authorization/sdk_server_authz_filter.cc: $(OPENSSL_DEP) src/core/lib/security/authorization/sdk_server_authz_filter.cc: $(OPENSSL_DEP)
src/core/lib/security/context/security_context.cc: $(OPENSSL_DEP) src/core/lib/security/context/security_context.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/alts/alts_credentials.cc: $(OPENSSL_DEP) src/core/lib/security/credentials/alts/alts_credentials.cc: $(OPENSSL_DEP)

@ -131,10 +131,7 @@ libs:
language: c language: c
public_headers: [] public_headers: []
headers: headers:
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_policy_provider.h - src/core/lib/security/authorization/grpc_authorization_policy_provider.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/rbac_translator.h - src/core/lib/security/authorization/rbac_translator.h
- test/core/compression/args_utils.h - test/core/compression/args_utils.h
- test/core/end2end/cq_verifier.h - test/core/end2end/cq_verifier.h
@ -146,10 +143,7 @@ libs:
- test/core/end2end/tests/cancel_test_helpers.h - test/core/end2end/tests/cancel_test_helpers.h
- test/core/util/test_lb_policies.h - test/core/util/test_lb_policies.h
src: src:
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_policy_provider.cc - src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/rbac_translator.cc - src/core/lib/security/authorization/rbac_translator.cc
- test/core/compression/args_utils.cc - test/core/compression/args_utils.cc
- test/core/end2end/cq_verifier.cc - test/core/end2end/cq_verifier.cc
@ -470,6 +464,8 @@ libs:
- src/core/ext/filters/http/server/http_server_filter.h - src/core/ext/filters/http/server/http_server_filter.h
- src/core/ext/filters/max_age/max_age_filter.h - src/core/ext/filters/max_age/max_age_filter.h
- src/core/ext/filters/message_size/message_size_filter.h - src/core/ext/filters/message_size/message_size_filter.h
- src/core/ext/filters/rbac/rbac_filter.h
- src/core/ext/filters/rbac/rbac_service_config_parser.h
- src/core/ext/filters/server_config_selector/server_config_selector.h - src/core/ext/filters/server_config_selector/server_config_selector.h
- src/core/ext/filters/server_config_selector/server_config_selector_filter.h - src/core/ext/filters/server_config_selector/server_config_selector_filter.h
- src/core/ext/service_config/service_config.h - src/core/ext/service_config/service_config.h
@ -546,6 +542,7 @@ libs:
- src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h - src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h
- src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h - src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h
- src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h - src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h
- src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h
- src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h - src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h
- src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h - src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h
- src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h - src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h
@ -646,6 +643,7 @@ libs:
- src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h - src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h - src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h - src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h - src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h - src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h - src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h
@ -653,6 +651,7 @@ libs:
- src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h - src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h - src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h - src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h - src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h - src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h - src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h
@ -684,6 +683,11 @@ libs:
- src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h - src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h
- src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h - src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h
- src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h - src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h
- src/core/ext/upbdefs-generated/google/api/http.upbdefs.h - src/core/ext/upbdefs-generated/google/api/http.upbdefs.h
- src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h - src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h
- src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h - src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h
@ -724,6 +728,7 @@ libs:
- src/core/ext/xds/xds_endpoint.h - src/core/ext/xds/xds_endpoint.h
- src/core/ext/xds/xds_http_fault_filter.h - src/core/ext/xds/xds_http_fault_filter.h
- src/core/ext/xds/xds_http_filters.h - src/core/ext/xds/xds_http_filters.h
- src/core/ext/xds/xds_http_rbac_filter.h
- src/core/ext/xds/xds_listener.h - src/core/ext/xds/xds_listener.h
- src/core/ext/xds/xds_resource_type.h - src/core/ext/xds/xds_resource_type.h
- src/core/ext/xds/xds_resource_type_impl.h - src/core/ext/xds/xds_resource_type_impl.h
@ -872,6 +877,9 @@ libs:
- src/core/lib/security/authorization/authorization_engine.h - src/core/lib/security/authorization/authorization_engine.h
- src/core/lib/security/authorization/authorization_policy_provider.h - src/core/lib/security/authorization/authorization_policy_provider.h
- src/core/lib/security/authorization/evaluate_args.h - src/core/lib/security/authorization/evaluate_args.h
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/sdk_server_authz_filter.h - src/core/lib/security/authorization/sdk_server_authz_filter.h
- src/core/lib/security/context/security_context.h - src/core/lib/security/context/security_context.h
- src/core/lib/security/credentials/alts/alts_credentials.h - src/core/lib/security/credentials/alts/alts_credentials.h
@ -1059,6 +1067,8 @@ libs:
- src/core/ext/filters/http/server/http_server_filter.cc - src/core/ext/filters/http/server/http_server_filter.cc
- src/core/ext/filters/max_age/max_age_filter.cc - src/core/ext/filters/max_age/max_age_filter.cc
- src/core/ext/filters/message_size/message_size_filter.cc - src/core/ext/filters/message_size/message_size_filter.cc
- src/core/ext/filters/rbac/rbac_filter.cc
- src/core/ext/filters/rbac/rbac_service_config_parser.cc
- src/core/ext/filters/server_config_selector/server_config_selector.cc - src/core/ext/filters/server_config_selector/server_config_selector.cc
- src/core/ext/filters/server_config_selector/server_config_selector_filter.cc - src/core/ext/filters/server_config_selector/server_config_selector_filter.cc
- src/core/ext/service_config/service_config.cc - src/core/ext/service_config/service_config.cc
@ -1140,6 +1150,7 @@ libs:
- src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c - src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c
- src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c - src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c
- src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c - src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c
- src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c
- src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c - src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c
- src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c - src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c
- src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c - src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c
@ -1240,6 +1251,7 @@ libs:
- src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c - src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c - src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c - src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c - src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c - src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c - src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c
@ -1247,6 +1259,7 @@ libs:
- src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c - src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c - src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c - src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c - src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c - src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c - src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c
@ -1278,6 +1291,11 @@ libs:
- src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c - src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c
- src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c - src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c
- src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c - src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c
- src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c
- src/core/ext/upbdefs-generated/google/api/http.upbdefs.c - src/core/ext/upbdefs-generated/google/api/http.upbdefs.c
- src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c - src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c
- src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c - src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c
@ -1315,6 +1333,7 @@ libs:
- src/core/ext/xds/xds_endpoint.cc - src/core/ext/xds/xds_endpoint.cc
- src/core/ext/xds/xds_http_fault_filter.cc - src/core/ext/xds/xds_http_fault_filter.cc
- src/core/ext/xds/xds_http_filters.cc - src/core/ext/xds/xds_http_filters.cc
- src/core/ext/xds/xds_http_rbac_filter.cc
- src/core/ext/xds/xds_listener.cc - src/core/ext/xds/xds_listener.cc
- src/core/ext/xds/xds_resource_type.cc - src/core/ext/xds/xds_resource_type.cc
- src/core/ext/xds/xds_route_config.cc - src/core/ext/xds/xds_route_config.cc
@ -1457,6 +1476,9 @@ libs:
- src/core/lib/resource_quota/trace.cc - src/core/lib/resource_quota/trace.cc
- src/core/lib/security/authorization/authorization_policy_provider_vtable.cc - src/core/lib/security/authorization/authorization_policy_provider_vtable.cc
- src/core/lib/security/authorization/evaluate_args.cc - src/core/lib/security/authorization/evaluate_args.cc
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/sdk_server_authz_filter.cc - src/core/lib/security/authorization/sdk_server_authz_filter.cc
- src/core/lib/security/context/security_context.cc - src/core/lib/security/context/security_context.cc
- src/core/lib/security/credentials/alts/alts_credentials.cc - src/core/lib/security/credentials/alts/alts_credentials.cc
@ -3922,16 +3944,10 @@ targets:
build: test build: test
language: c language: c
headers: headers:
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_policy_provider.h - src/core/lib/security/authorization/grpc_authorization_policy_provider.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/rbac_translator.h - src/core/lib/security/authorization/rbac_translator.h
src: src:
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_policy_provider.cc - src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/rbac_translator.cc - src/core/lib/security/authorization/rbac_translator.cc
- test/core/surface/public_headers_must_be_c89.c - test/core/surface/public_headers_must_be_c89.c
deps: deps:
@ -4595,14 +4611,8 @@ targets:
gtest: true gtest: true
build: test build: test
language: c++ language: c++
headers: headers: []
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
src: src:
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- test/core/security/authorization_matchers_test.cc - test/core/security/authorization_matchers_test.cc
deps: deps:
- grpc_test_util - grpc_test_util
@ -4611,16 +4621,10 @@ targets:
build: test build: test
language: c++ language: c++
headers: headers:
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_policy_provider.h - src/core/lib/security/authorization/grpc_authorization_policy_provider.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/rbac_translator.h - src/core/lib/security/authorization/rbac_translator.h
src: src:
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_policy_provider.cc - src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/rbac_translator.cc - src/core/lib/security/authorization/rbac_translator.cc
- src/cpp/server/authorization_policy_provider.cc - src/cpp/server/authorization_policy_provider.cc
- test/cpp/server/authorization_policy_provider_test.cc - test/cpp/server/authorization_policy_provider_test.cc
@ -4877,20 +4881,14 @@ targets:
language: c++ language: c++
headers: headers:
- src/core/lib/security/authorization/cel_authorization_engine.h - src/core/lib/security/authorization/cel_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/mock_cel/activation.h - src/core/lib/security/authorization/mock_cel/activation.h
- src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h - src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h
- src/core/lib/security/authorization/mock_cel/cel_expression.h - src/core/lib/security/authorization/mock_cel/cel_expression.h
- src/core/lib/security/authorization/mock_cel/cel_value.h - src/core/lib/security/authorization/mock_cel/cel_value.h
- src/core/lib/security/authorization/mock_cel/evaluator_core.h - src/core/lib/security/authorization/mock_cel/evaluator_core.h
- src/core/lib/security/authorization/mock_cel/flat_expr_builder.h - src/core/lib/security/authorization/mock_cel/flat_expr_builder.h
- src/core/lib/security/authorization/rbac_policy.h
src: src:
- src/core/lib/security/authorization/cel_authorization_engine.cc - src/core/lib/security/authorization/cel_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- test/core/security/cel_authorization_engine_test.cc - test/core/security/cel_authorization_engine_test.cc
deps: deps:
- absl/container:flat_hash_set - absl/container:flat_hash_set
@ -6009,14 +6007,8 @@ targets:
gtest: true gtest: true
build: test build: test
language: c++ language: c++
headers: headers: []
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
src: src:
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- test/core/security/grpc_authorization_engine_test.cc - test/core/security/grpc_authorization_engine_test.cc
deps: deps:
- grpc_test_util - grpc_test_util
@ -6025,16 +6017,10 @@ targets:
build: test build: test
language: c++ language: c++
headers: headers:
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_policy_provider.h - src/core/lib/security/authorization/grpc_authorization_policy_provider.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/rbac_translator.h - src/core/lib/security/authorization/rbac_translator.h
src: src:
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_policy_provider.cc - src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/rbac_translator.cc - src/core/lib/security/authorization/rbac_translator.cc
- test/core/security/grpc_authorization_policy_provider_test.cc - test/core/security/grpc_authorization_policy_provider_test.cc
deps: deps:
@ -7313,21 +7299,25 @@ targets:
- test/cpp/end2end/test_service_impl.cc - test/cpp/end2end/test_service_impl.cc
deps: deps:
- grpc++_test_util - grpc++_test_util
- name: rbac_service_config_parser_test
gtest: true
build: test
language: c++
headers: []
src:
- test/core/ext/filters/rbac/rbac_service_config_parser_test.cc
deps:
- grpc_test_util
uses_polling: false
- name: rbac_translator_test - name: rbac_translator_test
gtest: true gtest: true
build: test build: test
language: c++ language: c++
headers: headers:
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_policy_provider.h - src/core/lib/security/authorization/grpc_authorization_policy_provider.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/rbac_translator.h - src/core/lib/security/authorization/rbac_translator.h
src: src:
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_policy_provider.cc - src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/rbac_translator.cc - src/core/lib/security/authorization/rbac_translator.cc
- test/core/security/rbac_translator_test.cc - test/core/security/rbac_translator_test.cc
deps: deps:
@ -7497,20 +7487,14 @@ targets:
build: test build: test
language: c++ language: c++
headers: headers:
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_policy_provider.h - src/core/lib/security/authorization/grpc_authorization_policy_provider.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/rbac_translator.h - src/core/lib/security/authorization/rbac_translator.h
- test/cpp/end2end/test_service_impl.h - test/cpp/end2end/test_service_impl.h
src: src:
- src/proto/grpc/testing/echo.proto - src/proto/grpc/testing/echo.proto
- src/proto/grpc/testing/echo_messages.proto - src/proto/grpc/testing/echo_messages.proto
- src/proto/grpc/testing/simple_messages.proto - src/proto/grpc/testing/simple_messages.proto
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_policy_provider.cc - src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/rbac_translator.cc - src/core/lib/security/authorization/rbac_translator.cc
- src/cpp/server/authorization_policy_provider.cc - src/cpp/server/authorization_policy_provider.cc
- test/cpp/end2end/sdk_authz_end2end_test.cc - test/cpp/end2end/sdk_authz_end2end_test.cc
@ -8584,16 +8568,21 @@ targets:
- src/proto/grpc/testing/xds/v3/csds.proto - src/proto/grpc/testing/xds/v3/csds.proto
- src/proto/grpc/testing/xds/v3/discovery.proto - src/proto/grpc/testing/xds/v3/discovery.proto
- src/proto/grpc/testing/xds/v3/endpoint.proto - src/proto/grpc/testing/xds/v3/endpoint.proto
- src/proto/grpc/testing/xds/v3/expr.proto
- src/proto/grpc/testing/xds/v3/extension.proto - src/proto/grpc/testing/xds/v3/extension.proto
- src/proto/grpc/testing/xds/v3/fault.proto - src/proto/grpc/testing/xds/v3/fault.proto
- src/proto/grpc/testing/xds/v3/fault_common.proto - src/proto/grpc/testing/xds/v3/fault_common.proto
- src/proto/grpc/testing/xds/v3/http_connection_manager.proto - src/proto/grpc/testing/xds/v3/http_connection_manager.proto
- src/proto/grpc/testing/xds/v3/http_filter_rbac.proto
- src/proto/grpc/testing/xds/v3/listener.proto - src/proto/grpc/testing/xds/v3/listener.proto
- src/proto/grpc/testing/xds/v3/load_report.proto - src/proto/grpc/testing/xds/v3/load_report.proto
- src/proto/grpc/testing/xds/v3/lrs.proto - src/proto/grpc/testing/xds/v3/lrs.proto
- src/proto/grpc/testing/xds/v3/metadata.proto
- src/proto/grpc/testing/xds/v3/path.proto
- src/proto/grpc/testing/xds/v3/percent.proto - src/proto/grpc/testing/xds/v3/percent.proto
- src/proto/grpc/testing/xds/v3/protocol.proto - src/proto/grpc/testing/xds/v3/protocol.proto
- src/proto/grpc/testing/xds/v3/range.proto - src/proto/grpc/testing/xds/v3/range.proto
- src/proto/grpc/testing/xds/v3/rbac.proto
- src/proto/grpc/testing/xds/v3/regex.proto - src/proto/grpc/testing/xds/v3/regex.proto
- src/proto/grpc/testing/xds/v3/route.proto - src/proto/grpc/testing/xds/v3/route.proto
- src/proto/grpc/testing/xds/v3/router.proto - src/proto/grpc/testing/xds/v3/router.proto

19
config.m4 generated

@ -114,6 +114,8 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/filters/http/server/http_server_filter.cc \ src/core/ext/filters/http/server/http_server_filter.cc \
src/core/ext/filters/max_age/max_age_filter.cc \ src/core/ext/filters/max_age/max_age_filter.cc \
src/core/ext/filters/message_size/message_size_filter.cc \ src/core/ext/filters/message_size/message_size_filter.cc \
src/core/ext/filters/rbac/rbac_filter.cc \
src/core/ext/filters/rbac/rbac_service_config_parser.cc \
src/core/ext/filters/server_config_selector/server_config_selector.cc \ src/core/ext/filters/server_config_selector/server_config_selector.cc \
src/core/ext/filters/server_config_selector/server_config_selector_filter.cc \ src/core/ext/filters/server_config_selector/server_config_selector_filter.cc \
src/core/ext/service_config/service_config.cc \ src/core/ext/service_config/service_config.cc \
@ -195,6 +197,7 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c \ src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c \ src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c \ src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c \ src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c \ src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c \
src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c \ src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c \
@ -295,6 +298,7 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c \
@ -302,6 +306,7 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c \
@ -333,6 +338,11 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c \ src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/http.upbdefs.c \ src/core/ext/upbdefs-generated/google/api/http.upbdefs.c \
src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c \ src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c \
src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c \ src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c \
@ -370,6 +380,7 @@ if test "$PHP_GRPC" != "no"; then
src/core/ext/xds/xds_endpoint.cc \ src/core/ext/xds/xds_endpoint.cc \
src/core/ext/xds/xds_http_fault_filter.cc \ src/core/ext/xds/xds_http_fault_filter.cc \
src/core/ext/xds/xds_http_filters.cc \ src/core/ext/xds/xds_http_filters.cc \
src/core/ext/xds/xds_http_rbac_filter.cc \
src/core/ext/xds/xds_listener.cc \ src/core/ext/xds/xds_listener.cc \
src/core/ext/xds/xds_resource_type.cc \ src/core/ext/xds/xds_resource_type.cc \
src/core/ext/xds/xds_route_config.cc \ src/core/ext/xds/xds_route_config.cc \
@ -556,6 +567,9 @@ if test "$PHP_GRPC" != "no"; then
src/core/lib/resource_quota/trace.cc \ src/core/lib/resource_quota/trace.cc \
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \ src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \
src/core/lib/security/authorization/evaluate_args.cc \ src/core/lib/security/authorization/evaluate_args.cc \
src/core/lib/security/authorization/grpc_authorization_engine.cc \
src/core/lib/security/authorization/matchers.cc \
src/core/lib/security/authorization/rbac_policy.cc \
src/core/lib/security/authorization/sdk_server_authz_filter.cc \ src/core/lib/security/authorization/sdk_server_authz_filter.cc \
src/core/lib/security/context/security_context.cc \ src/core/lib/security/context/security_context.cc \
src/core/lib/security/credentials/alts/alts_credentials.cc \ src/core/lib/security/credentials/alts/alts_credentials.cc \
@ -1126,6 +1140,7 @@ if test "$PHP_GRPC" != "no"; then
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/filters/http/server) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/filters/http/server)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/filters/max_age) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/filters/max_age)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/filters/message_size) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/filters/message_size)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/filters/rbac)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/filters/server_config_selector) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/filters/server_config_selector)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/service_config) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/service_config)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/transport/chttp2/alpn) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/transport/chttp2/alpn)
@ -1153,6 +1168,7 @@ if test "$PHP_GRPC" != "no"; then
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3)
@ -1192,11 +1208,13 @@ if test "$PHP_GRPC" != "no"; then
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/config/listener/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/config/listener/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/config/metrics/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/config/metrics/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/config/overload/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/config/overload/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/config/rbac/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/config/route/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/config/route/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/config/trace/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/config/trace/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3)
@ -1213,6 +1231,7 @@ if test "$PHP_GRPC" != "no"; then
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/type/tracing/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/type/tracing/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/type/v3) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/envoy/type/v3)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/google/api) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/google/api)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/google/api/expr/v1alpha1)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/google/protobuf) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/google/protobuf)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/google/rpc) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/google/rpc)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/udpa/annotations) PHP_ADD_BUILD_DIR($ext_builddir/src/core/ext/upbdefs-generated/udpa/annotations)

23
config.w32 generated

@ -80,6 +80,8 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\filters\\http\\server\\http_server_filter.cc " + "src\\core\\ext\\filters\\http\\server\\http_server_filter.cc " +
"src\\core\\ext\\filters\\max_age\\max_age_filter.cc " + "src\\core\\ext\\filters\\max_age\\max_age_filter.cc " +
"src\\core\\ext\\filters\\message_size\\message_size_filter.cc " + "src\\core\\ext\\filters\\message_size\\message_size_filter.cc " +
"src\\core\\ext\\filters\\rbac\\rbac_filter.cc " +
"src\\core\\ext\\filters\\rbac\\rbac_service_config_parser.cc " +
"src\\core\\ext\\filters\\server_config_selector\\server_config_selector.cc " + "src\\core\\ext\\filters\\server_config_selector\\server_config_selector.cc " +
"src\\core\\ext\\filters\\server_config_selector\\server_config_selector_filter.cc " + "src\\core\\ext\\filters\\server_config_selector\\server_config_selector_filter.cc " +
"src\\core\\ext\\service_config\\service_config.cc " + "src\\core\\ext\\service_config\\service_config.cc " +
@ -161,6 +163,7 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\upb-generated\\envoy\\extensions\\clusters\\aggregate\\v3\\cluster.upb.c " + "src\\core\\ext\\upb-generated\\envoy\\extensions\\clusters\\aggregate\\v3\\cluster.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\common\\fault\\v3\\fault.upb.c " + "src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\common\\fault\\v3\\fault.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\fault\\v3\\fault.upb.c " + "src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\fault\\v3\\fault.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\rbac\\v3\\rbac.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\router\\v3\\router.upb.c " + "src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\router\\v3\\router.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\network\\http_connection_manager\\v3\\http_connection_manager.upb.c " + "src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\network\\http_connection_manager\\v3\\http_connection_manager.upb.c " +
"src\\core\\ext\\upb-generated\\envoy\\extensions\\transport_sockets\\tls\\v3\\cert.upb.c " + "src\\core\\ext\\upb-generated\\envoy\\extensions\\transport_sockets\\tls\\v3\\cert.upb.c " +
@ -261,6 +264,7 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\upbdefs-generated\\envoy\\config\\listener\\v3\\udp_listener_config.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\envoy\\config\\listener\\v3\\udp_listener_config.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\config\\metrics\\v3\\stats.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\envoy\\config\\metrics\\v3\\stats.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\config\\overload\\v3\\overload.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\envoy\\config\\overload\\v3\\overload.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\config\\rbac\\v3\\rbac.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\config\\route\\v3\\route.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\envoy\\config\\route\\v3\\route.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\config\\route\\v3\\route_components.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\envoy\\config\\route\\v3\\route_components.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\config\\route\\v3\\scoped_route.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\envoy\\config\\route\\v3\\scoped_route.upbdefs.c " +
@ -268,6 +272,7 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\clusters\\aggregate\\v3\\cluster.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\clusters\\aggregate\\v3\\cluster.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\common\\fault\\v3\\fault.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\common\\fault\\v3\\fault.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\fault\\v3\\fault.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\fault\\v3\\fault.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\rbac\\v3\\rbac.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\router\\v3\\router.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\router\\v3\\router.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\network\\http_connection_manager\\v3\\http_connection_manager.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\network\\http_connection_manager\\v3\\http_connection_manager.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\transport_sockets\\tls\\v3\\cert.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\transport_sockets\\tls\\v3\\cert.upbdefs.c " +
@ -299,6 +304,11 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\upbdefs-generated\\envoy\\type\\v3\\range.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\envoy\\type\\v3\\range.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\envoy\\type\\v3\\semantic_version.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\envoy\\type\\v3\\semantic_version.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\api\\annotations.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\google\\api\\annotations.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\api\\expr\\v1alpha1\\checked.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\api\\expr\\v1alpha1\\eval.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\api\\expr\\v1alpha1\\explain.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\api\\expr\\v1alpha1\\syntax.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\api\\expr\\v1alpha1\\value.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\api\\http.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\google\\api\\http.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\protobuf\\any.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\google\\protobuf\\any.upbdefs.c " +
"src\\core\\ext\\upbdefs-generated\\google\\protobuf\\descriptor.upbdefs.c " + "src\\core\\ext\\upbdefs-generated\\google\\protobuf\\descriptor.upbdefs.c " +
@ -336,6 +346,7 @@ if (PHP_GRPC != "no") {
"src\\core\\ext\\xds\\xds_endpoint.cc " + "src\\core\\ext\\xds\\xds_endpoint.cc " +
"src\\core\\ext\\xds\\xds_http_fault_filter.cc " + "src\\core\\ext\\xds\\xds_http_fault_filter.cc " +
"src\\core\\ext\\xds\\xds_http_filters.cc " + "src\\core\\ext\\xds\\xds_http_filters.cc " +
"src\\core\\ext\\xds\\xds_http_rbac_filter.cc " +
"src\\core\\ext\\xds\\xds_listener.cc " + "src\\core\\ext\\xds\\xds_listener.cc " +
"src\\core\\ext\\xds\\xds_resource_type.cc " + "src\\core\\ext\\xds\\xds_resource_type.cc " +
"src\\core\\ext\\xds\\xds_route_config.cc " + "src\\core\\ext\\xds\\xds_route_config.cc " +
@ -522,6 +533,9 @@ if (PHP_GRPC != "no") {
"src\\core\\lib\\resource_quota\\trace.cc " + "src\\core\\lib\\resource_quota\\trace.cc " +
"src\\core\\lib\\security\\authorization\\authorization_policy_provider_vtable.cc " + "src\\core\\lib\\security\\authorization\\authorization_policy_provider_vtable.cc " +
"src\\core\\lib\\security\\authorization\\evaluate_args.cc " + "src\\core\\lib\\security\\authorization\\evaluate_args.cc " +
"src\\core\\lib\\security\\authorization\\grpc_authorization_engine.cc " +
"src\\core\\lib\\security\\authorization\\matchers.cc " +
"src\\core\\lib\\security\\authorization\\rbac_policy.cc " +
"src\\core\\lib\\security\\authorization\\sdk_server_authz_filter.cc " + "src\\core\\lib\\security\\authorization\\sdk_server_authz_filter.cc " +
"src\\core\\lib\\security\\context\\security_context.cc " + "src\\core\\lib\\security\\context\\security_context.cc " +
"src\\core\\lib\\security\\credentials\\alts\\alts_credentials.cc " + "src\\core\\lib\\security\\credentials\\alts\\alts_credentials.cc " +
@ -1125,6 +1139,7 @@ if (PHP_GRPC != "no") {
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\filters\\http\\server"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\filters\\http\\server");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\filters\\max_age"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\filters\\max_age");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\filters\\message_size"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\filters\\message_size");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\filters\\rbac");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\filters\\server_config_selector"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\filters\\server_config_selector");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\service_config"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\service_config");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\transport"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\transport");
@ -1177,6 +1192,8 @@ if (PHP_GRPC != "no") {
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\fault"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\fault");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\fault\\v3"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\fault\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\rbac");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\rbac\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\router"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\router");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\router\\v3"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\http\\router\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\network"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upb-generated\\envoy\\extensions\\filters\\network");
@ -1261,6 +1278,8 @@ if (PHP_GRPC != "no") {
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\metrics\\v3"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\metrics\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\overload"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\overload");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\overload\\v3"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\overload\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\rbac");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\rbac\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\route"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\route");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\route\\v3"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\route\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\trace"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\config\\trace");
@ -1276,6 +1295,8 @@ if (PHP_GRPC != "no") {
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\fault"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\fault");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\fault\\v3"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\fault\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\rbac");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\rbac\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\router"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\router");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\router\\v3"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\http\\router\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\network"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\extensions\\filters\\network");
@ -1311,6 +1332,8 @@ if (PHP_GRPC != "no") {
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\type\\v3"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\envoy\\type\\v3");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\google"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\google");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\google\\api"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\google\\api");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\google\\api\\expr");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\google\\api\\expr\\v1alpha1");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\google\\protobuf"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\google\\protobuf");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\google\\rpc"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\google\\rpc");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\udpa"); FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\ext\\upbdefs-generated\\udpa");

28
gRPC-C++.podspec generated

@ -271,6 +271,8 @@ Pod::Spec.new do |s|
'src/core/ext/filters/http/server/http_server_filter.h', 'src/core/ext/filters/http/server/http_server_filter.h',
'src/core/ext/filters/max_age/max_age_filter.h', 'src/core/ext/filters/max_age/max_age_filter.h',
'src/core/ext/filters/message_size/message_size_filter.h', 'src/core/ext/filters/message_size/message_size_filter.h',
'src/core/ext/filters/rbac/rbac_filter.h',
'src/core/ext/filters/rbac/rbac_service_config_parser.h',
'src/core/ext/filters/server_config_selector/server_config_selector.h', 'src/core/ext/filters/server_config_selector/server_config_selector.h',
'src/core/ext/filters/server_config_selector/server_config_selector_filter.h', 'src/core/ext/filters/server_config_selector/server_config_selector_filter.h',
'src/core/ext/service_config/service_config.h', 'src/core/ext/service_config/service_config.h',
@ -385,6 +387,7 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h', 'src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h', 'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h', 'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h', 'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h', 'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h',
'src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h', 'src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h',
@ -485,6 +488,7 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h',
@ -492,6 +496,7 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h',
@ -523,6 +528,11 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h', 'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/http.upbdefs.h', 'src/core/ext/upbdefs-generated/google/api/http.upbdefs.h',
'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h', 'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h',
'src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h', 'src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h',
@ -563,6 +573,7 @@ Pod::Spec.new do |s|
'src/core/ext/xds/xds_endpoint.h', 'src/core/ext/xds/xds_endpoint.h',
'src/core/ext/xds/xds_http_fault_filter.h', 'src/core/ext/xds/xds_http_fault_filter.h',
'src/core/ext/xds/xds_http_filters.h', 'src/core/ext/xds/xds_http_filters.h',
'src/core/ext/xds/xds_http_rbac_filter.h',
'src/core/ext/xds/xds_listener.h', 'src/core/ext/xds/xds_listener.h',
'src/core/ext/xds/xds_resource_type.h', 'src/core/ext/xds/xds_resource_type.h',
'src/core/ext/xds/xds_resource_type_impl.h', 'src/core/ext/xds/xds_resource_type_impl.h',
@ -739,6 +750,9 @@ Pod::Spec.new do |s|
'src/core/lib/security/authorization/authorization_engine.h', 'src/core/lib/security/authorization/authorization_engine.h',
'src/core/lib/security/authorization/authorization_policy_provider.h', 'src/core/lib/security/authorization/authorization_policy_provider.h',
'src/core/lib/security/authorization/evaluate_args.h', 'src/core/lib/security/authorization/evaluate_args.h',
'src/core/lib/security/authorization/grpc_authorization_engine.h',
'src/core/lib/security/authorization/matchers.h',
'src/core/lib/security/authorization/rbac_policy.h',
'src/core/lib/security/authorization/sdk_server_authz_filter.h', 'src/core/lib/security/authorization/sdk_server_authz_filter.h',
'src/core/lib/security/context/security_context.h', 'src/core/lib/security/context/security_context.h',
'src/core/lib/security/credentials/alts/alts_credentials.h', 'src/core/lib/security/credentials/alts/alts_credentials.h',
@ -1012,6 +1026,8 @@ Pod::Spec.new do |s|
'src/core/ext/filters/http/server/http_server_filter.h', 'src/core/ext/filters/http/server/http_server_filter.h',
'src/core/ext/filters/max_age/max_age_filter.h', 'src/core/ext/filters/max_age/max_age_filter.h',
'src/core/ext/filters/message_size/message_size_filter.h', 'src/core/ext/filters/message_size/message_size_filter.h',
'src/core/ext/filters/rbac/rbac_filter.h',
'src/core/ext/filters/rbac/rbac_service_config_parser.h',
'src/core/ext/filters/server_config_selector/server_config_selector.h', 'src/core/ext/filters/server_config_selector/server_config_selector.h',
'src/core/ext/filters/server_config_selector/server_config_selector_filter.h', 'src/core/ext/filters/server_config_selector/server_config_selector_filter.h',
'src/core/ext/service_config/service_config.h', 'src/core/ext/service_config/service_config.h',
@ -1108,6 +1124,7 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h', 'src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h', 'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h', 'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h', 'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h', 'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h',
'src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h', 'src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h',
@ -1208,6 +1225,7 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h',
@ -1215,6 +1233,7 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h',
@ -1246,6 +1265,11 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h', 'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/http.upbdefs.h', 'src/core/ext/upbdefs-generated/google/api/http.upbdefs.h',
'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h', 'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h',
'src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h', 'src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h',
@ -1286,6 +1310,7 @@ Pod::Spec.new do |s|
'src/core/ext/xds/xds_endpoint.h', 'src/core/ext/xds/xds_endpoint.h',
'src/core/ext/xds/xds_http_fault_filter.h', 'src/core/ext/xds/xds_http_fault_filter.h',
'src/core/ext/xds/xds_http_filters.h', 'src/core/ext/xds/xds_http_filters.h',
'src/core/ext/xds/xds_http_rbac_filter.h',
'src/core/ext/xds/xds_listener.h', 'src/core/ext/xds/xds_listener.h',
'src/core/ext/xds/xds_resource_type.h', 'src/core/ext/xds/xds_resource_type.h',
'src/core/ext/xds/xds_resource_type_impl.h', 'src/core/ext/xds/xds_resource_type_impl.h',
@ -1462,6 +1487,9 @@ Pod::Spec.new do |s|
'src/core/lib/security/authorization/authorization_engine.h', 'src/core/lib/security/authorization/authorization_engine.h',
'src/core/lib/security/authorization/authorization_policy_provider.h', 'src/core/lib/security/authorization/authorization_policy_provider.h',
'src/core/lib/security/authorization/evaluate_args.h', 'src/core/lib/security/authorization/evaluate_args.h',
'src/core/lib/security/authorization/grpc_authorization_engine.h',
'src/core/lib/security/authorization/matchers.h',
'src/core/lib/security/authorization/rbac_policy.h',
'src/core/lib/security/authorization/sdk_server_authz_filter.h', 'src/core/lib/security/authorization/sdk_server_authz_filter.h',
'src/core/lib/security/context/security_context.h', 'src/core/lib/security/context/security_context.h',
'src/core/lib/security/credentials/alts/alts_credentials.h', 'src/core/lib/security/credentials/alts/alts_credentials.h',

50
gRPC-Core.podspec generated

@ -322,6 +322,10 @@ Pod::Spec.new do |s|
'src/core/ext/filters/max_age/max_age_filter.h', 'src/core/ext/filters/max_age/max_age_filter.h',
'src/core/ext/filters/message_size/message_size_filter.cc', 'src/core/ext/filters/message_size/message_size_filter.cc',
'src/core/ext/filters/message_size/message_size_filter.h', 'src/core/ext/filters/message_size/message_size_filter.h',
'src/core/ext/filters/rbac/rbac_filter.cc',
'src/core/ext/filters/rbac/rbac_filter.h',
'src/core/ext/filters/rbac/rbac_service_config_parser.cc',
'src/core/ext/filters/rbac/rbac_service_config_parser.h',
'src/core/ext/filters/server_config_selector/server_config_selector.cc', 'src/core/ext/filters/server_config_selector/server_config_selector.cc',
'src/core/ext/filters/server_config_selector/server_config_selector.h', 'src/core/ext/filters/server_config_selector/server_config_selector.h',
'src/core/ext/filters/server_config_selector/server_config_selector_filter.cc', 'src/core/ext/filters/server_config_selector/server_config_selector_filter.cc',
@ -479,6 +483,8 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h', 'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c', 'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h', 'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c', 'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h', 'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c', 'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c',
@ -679,6 +685,8 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c',
@ -693,6 +701,8 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c',
@ -755,6 +765,16 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c', 'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h', 'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/http.upbdefs.c', 'src/core/ext/upbdefs-generated/google/api/http.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/http.upbdefs.h', 'src/core/ext/upbdefs-generated/google/api/http.upbdefs.h',
'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c', 'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c',
@ -832,6 +852,8 @@ Pod::Spec.new do |s|
'src/core/ext/xds/xds_http_fault_filter.h', 'src/core/ext/xds/xds_http_fault_filter.h',
'src/core/ext/xds/xds_http_filters.cc', 'src/core/ext/xds/xds_http_filters.cc',
'src/core/ext/xds/xds_http_filters.h', 'src/core/ext/xds/xds_http_filters.h',
'src/core/ext/xds/xds_http_rbac_filter.cc',
'src/core/ext/xds/xds_http_rbac_filter.h',
'src/core/ext/xds/xds_listener.cc', 'src/core/ext/xds/xds_listener.cc',
'src/core/ext/xds/xds_listener.h', 'src/core/ext/xds/xds_listener.h',
'src/core/ext/xds/xds_resource_type.cc', 'src/core/ext/xds/xds_resource_type.cc',
@ -1194,6 +1216,12 @@ Pod::Spec.new do |s|
'src/core/lib/security/authorization/authorization_policy_provider_vtable.cc', 'src/core/lib/security/authorization/authorization_policy_provider_vtable.cc',
'src/core/lib/security/authorization/evaluate_args.cc', 'src/core/lib/security/authorization/evaluate_args.cc',
'src/core/lib/security/authorization/evaluate_args.h', 'src/core/lib/security/authorization/evaluate_args.h',
'src/core/lib/security/authorization/grpc_authorization_engine.cc',
'src/core/lib/security/authorization/grpc_authorization_engine.h',
'src/core/lib/security/authorization/matchers.cc',
'src/core/lib/security/authorization/matchers.h',
'src/core/lib/security/authorization/rbac_policy.cc',
'src/core/lib/security/authorization/rbac_policy.h',
'src/core/lib/security/authorization/sdk_server_authz_filter.cc', 'src/core/lib/security/authorization/sdk_server_authz_filter.cc',
'src/core/lib/security/authorization/sdk_server_authz_filter.h', 'src/core/lib/security/authorization/sdk_server_authz_filter.h',
'src/core/lib/security/context/security_context.cc', 'src/core/lib/security/context/security_context.cc',
@ -1565,6 +1593,8 @@ Pod::Spec.new do |s|
'src/core/ext/filters/http/server/http_server_filter.h', 'src/core/ext/filters/http/server/http_server_filter.h',
'src/core/ext/filters/max_age/max_age_filter.h', 'src/core/ext/filters/max_age/max_age_filter.h',
'src/core/ext/filters/message_size/message_size_filter.h', 'src/core/ext/filters/message_size/message_size_filter.h',
'src/core/ext/filters/rbac/rbac_filter.h',
'src/core/ext/filters/rbac/rbac_service_config_parser.h',
'src/core/ext/filters/server_config_selector/server_config_selector.h', 'src/core/ext/filters/server_config_selector/server_config_selector.h',
'src/core/ext/filters/server_config_selector/server_config_selector_filter.h', 'src/core/ext/filters/server_config_selector/server_config_selector_filter.h',
'src/core/ext/service_config/service_config.h', 'src/core/ext/service_config/service_config.h',
@ -1641,6 +1671,7 @@ Pod::Spec.new do |s|
'src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h', 'src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h', 'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h', 'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h', 'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h',
'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h', 'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h',
'src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h', 'src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h',
@ -1741,6 +1772,7 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.h',
@ -1748,6 +1780,7 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.h',
@ -1779,6 +1812,11 @@ Pod::Spec.new do |s|
'src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.h',
'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h', 'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h', 'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h',
'src/core/ext/upbdefs-generated/google/api/http.upbdefs.h', 'src/core/ext/upbdefs-generated/google/api/http.upbdefs.h',
'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h', 'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.h',
'src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h', 'src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.h',
@ -1819,6 +1857,7 @@ Pod::Spec.new do |s|
'src/core/ext/xds/xds_endpoint.h', 'src/core/ext/xds/xds_endpoint.h',
'src/core/ext/xds/xds_http_fault_filter.h', 'src/core/ext/xds/xds_http_fault_filter.h',
'src/core/ext/xds/xds_http_filters.h', 'src/core/ext/xds/xds_http_filters.h',
'src/core/ext/xds/xds_http_rbac_filter.h',
'src/core/ext/xds/xds_listener.h', 'src/core/ext/xds/xds_listener.h',
'src/core/ext/xds/xds_resource_type.h', 'src/core/ext/xds/xds_resource_type.h',
'src/core/ext/xds/xds_resource_type_impl.h', 'src/core/ext/xds/xds_resource_type_impl.h',
@ -1995,6 +2034,9 @@ Pod::Spec.new do |s|
'src/core/lib/security/authorization/authorization_engine.h', 'src/core/lib/security/authorization/authorization_engine.h',
'src/core/lib/security/authorization/authorization_policy_provider.h', 'src/core/lib/security/authorization/authorization_policy_provider.h',
'src/core/lib/security/authorization/evaluate_args.h', 'src/core/lib/security/authorization/evaluate_args.h',
'src/core/lib/security/authorization/grpc_authorization_engine.h',
'src/core/lib/security/authorization/matchers.h',
'src/core/lib/security/authorization/rbac_policy.h',
'src/core/lib/security/authorization/sdk_server_authz_filter.h', 'src/core/lib/security/authorization/sdk_server_authz_filter.h',
'src/core/lib/security/context/security_context.h', 'src/core/lib/security/context/security_context.h',
'src/core/lib/security/credentials/alts/alts_credentials.h', 'src/core/lib/security/credentials/alts/alts_credentials.h',
@ -2187,14 +2229,8 @@ Pod::Spec.new do |s|
ss.dependency 'abseil/debugging/stacktrace', abseil_version ss.dependency 'abseil/debugging/stacktrace', abseil_version
ss.dependency 'abseil/debugging/symbolize', abseil_version ss.dependency 'abseil/debugging/symbolize', abseil_version
ss.source_files = 'src/core/lib/security/authorization/grpc_authorization_engine.cc', ss.source_files = 'src/core/lib/security/authorization/grpc_authorization_policy_provider.cc',
'src/core/lib/security/authorization/grpc_authorization_engine.h',
'src/core/lib/security/authorization/grpc_authorization_policy_provider.cc',
'src/core/lib/security/authorization/grpc_authorization_policy_provider.h', 'src/core/lib/security/authorization/grpc_authorization_policy_provider.h',
'src/core/lib/security/authorization/matchers.cc',
'src/core/lib/security/authorization/matchers.h',
'src/core/lib/security/authorization/rbac_policy.cc',
'src/core/lib/security/authorization/rbac_policy.h',
'src/core/lib/security/authorization/rbac_translator.cc', 'src/core/lib/security/authorization/rbac_translator.cc',
'src/core/lib/security/authorization/rbac_translator.h', 'src/core/lib/security/authorization/rbac_translator.h',
'test/core/compression/args_utils.cc', 'test/core/compression/args_utils.cc',

28
grpc.gemspec generated

@ -241,6 +241,10 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/filters/max_age/max_age_filter.h ) s.files += %w( src/core/ext/filters/max_age/max_age_filter.h )
s.files += %w( src/core/ext/filters/message_size/message_size_filter.cc ) s.files += %w( src/core/ext/filters/message_size/message_size_filter.cc )
s.files += %w( src/core/ext/filters/message_size/message_size_filter.h ) s.files += %w( src/core/ext/filters/message_size/message_size_filter.h )
s.files += %w( src/core/ext/filters/rbac/rbac_filter.cc )
s.files += %w( src/core/ext/filters/rbac/rbac_filter.h )
s.files += %w( src/core/ext/filters/rbac/rbac_service_config_parser.cc )
s.files += %w( src/core/ext/filters/rbac/rbac_service_config_parser.h )
s.files += %w( src/core/ext/filters/server_config_selector/server_config_selector.cc ) s.files += %w( src/core/ext/filters/server_config_selector/server_config_selector.cc )
s.files += %w( src/core/ext/filters/server_config_selector/server_config_selector.h ) s.files += %w( src/core/ext/filters/server_config_selector/server_config_selector.h )
s.files += %w( src/core/ext/filters/server_config_selector/server_config_selector_filter.cc ) s.files += %w( src/core/ext/filters/server_config_selector/server_config_selector_filter.cc )
@ -398,6 +402,8 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h ) s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h )
s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c ) s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c )
s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h ) s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h )
s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c )
s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h )
s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c ) s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c )
s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h ) s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h )
s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c ) s.files += %w( src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c )
@ -598,6 +604,8 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h ) s.files += %w( src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c ) s.files += %w( src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h ) s.files += %w( src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c ) s.files += %w( src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h ) s.files += %w( src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c ) s.files += %w( src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c )
@ -612,6 +620,8 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h ) s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c ) s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h ) s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c ) s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h ) s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c ) s.files += %w( src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c )
@ -674,6 +684,16 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h ) s.files += %w( src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c ) s.files += %w( src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h ) s.files += %w( src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/google/api/http.upbdefs.c ) s.files += %w( src/core/ext/upbdefs-generated/google/api/http.upbdefs.c )
s.files += %w( src/core/ext/upbdefs-generated/google/api/http.upbdefs.h ) s.files += %w( src/core/ext/upbdefs-generated/google/api/http.upbdefs.h )
s.files += %w( src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c ) s.files += %w( src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c )
@ -751,6 +771,8 @@ Gem::Specification.new do |s|
s.files += %w( src/core/ext/xds/xds_http_fault_filter.h ) s.files += %w( src/core/ext/xds/xds_http_fault_filter.h )
s.files += %w( src/core/ext/xds/xds_http_filters.cc ) s.files += %w( src/core/ext/xds/xds_http_filters.cc )
s.files += %w( src/core/ext/xds/xds_http_filters.h ) s.files += %w( src/core/ext/xds/xds_http_filters.h )
s.files += %w( src/core/ext/xds/xds_http_rbac_filter.cc )
s.files += %w( src/core/ext/xds/xds_http_rbac_filter.h )
s.files += %w( src/core/ext/xds/xds_listener.cc ) s.files += %w( src/core/ext/xds/xds_listener.cc )
s.files += %w( src/core/ext/xds/xds_listener.h ) s.files += %w( src/core/ext/xds/xds_listener.h )
s.files += %w( src/core/ext/xds/xds_resource_type.cc ) s.files += %w( src/core/ext/xds/xds_resource_type.cc )
@ -1113,6 +1135,12 @@ Gem::Specification.new do |s|
s.files += %w( src/core/lib/security/authorization/authorization_policy_provider_vtable.cc ) s.files += %w( src/core/lib/security/authorization/authorization_policy_provider_vtable.cc )
s.files += %w( src/core/lib/security/authorization/evaluate_args.cc ) s.files += %w( src/core/lib/security/authorization/evaluate_args.cc )
s.files += %w( src/core/lib/security/authorization/evaluate_args.h ) s.files += %w( src/core/lib/security/authorization/evaluate_args.h )
s.files += %w( src/core/lib/security/authorization/grpc_authorization_engine.cc )
s.files += %w( src/core/lib/security/authorization/grpc_authorization_engine.h )
s.files += %w( src/core/lib/security/authorization/matchers.cc )
s.files += %w( src/core/lib/security/authorization/matchers.h )
s.files += %w( src/core/lib/security/authorization/rbac_policy.cc )
s.files += %w( src/core/lib/security/authorization/rbac_policy.h )
s.files += %w( src/core/lib/security/authorization/sdk_server_authz_filter.cc ) s.files += %w( src/core/lib/security/authorization/sdk_server_authz_filter.cc )
s.files += %w( src/core/lib/security/authorization/sdk_server_authz_filter.h ) s.files += %w( src/core/lib/security/authorization/sdk_server_authz_filter.h )
s.files += %w( src/core/lib/security/context/security_context.cc ) s.files += %w( src/core/lib/security/context/security_context.cc )

17
grpc.gyp generated

@ -286,10 +286,7 @@
'grpc_test_util', 'grpc_test_util',
], ],
'sources': [ 'sources': [
'src/core/lib/security/authorization/grpc_authorization_engine.cc',
'src/core/lib/security/authorization/grpc_authorization_policy_provider.cc', 'src/core/lib/security/authorization/grpc_authorization_policy_provider.cc',
'src/core/lib/security/authorization/matchers.cc',
'src/core/lib/security/authorization/rbac_policy.cc',
'src/core/lib/security/authorization/rbac_translator.cc', 'src/core/lib/security/authorization/rbac_translator.cc',
'test/core/compression/args_utils.cc', 'test/core/compression/args_utils.cc',
'test/core/end2end/cq_verifier.cc', 'test/core/end2end/cq_verifier.cc',
@ -547,6 +544,8 @@
'src/core/ext/filters/http/server/http_server_filter.cc', 'src/core/ext/filters/http/server/http_server_filter.cc',
'src/core/ext/filters/max_age/max_age_filter.cc', 'src/core/ext/filters/max_age/max_age_filter.cc',
'src/core/ext/filters/message_size/message_size_filter.cc', 'src/core/ext/filters/message_size/message_size_filter.cc',
'src/core/ext/filters/rbac/rbac_filter.cc',
'src/core/ext/filters/rbac/rbac_service_config_parser.cc',
'src/core/ext/filters/server_config_selector/server_config_selector.cc', 'src/core/ext/filters/server_config_selector/server_config_selector.cc',
'src/core/ext/filters/server_config_selector/server_config_selector_filter.cc', 'src/core/ext/filters/server_config_selector/server_config_selector_filter.cc',
'src/core/ext/service_config/service_config.cc', 'src/core/ext/service_config/service_config.cc',
@ -628,6 +627,7 @@
'src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c', 'src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c', 'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c', 'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c', 'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c', 'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c',
'src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c', 'src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c',
@ -728,6 +728,7 @@
'src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c',
@ -735,6 +736,7 @@
'src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c',
@ -766,6 +768,11 @@
'src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c', 'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/http.upbdefs.c', 'src/core/ext/upbdefs-generated/google/api/http.upbdefs.c',
'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c', 'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c',
'src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c', 'src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c',
@ -803,6 +810,7 @@
'src/core/ext/xds/xds_endpoint.cc', 'src/core/ext/xds/xds_endpoint.cc',
'src/core/ext/xds/xds_http_fault_filter.cc', 'src/core/ext/xds/xds_http_fault_filter.cc',
'src/core/ext/xds/xds_http_filters.cc', 'src/core/ext/xds/xds_http_filters.cc',
'src/core/ext/xds/xds_http_rbac_filter.cc',
'src/core/ext/xds/xds_listener.cc', 'src/core/ext/xds/xds_listener.cc',
'src/core/ext/xds/xds_resource_type.cc', 'src/core/ext/xds/xds_resource_type.cc',
'src/core/ext/xds/xds_route_config.cc', 'src/core/ext/xds/xds_route_config.cc',
@ -945,6 +953,9 @@
'src/core/lib/resource_quota/trace.cc', 'src/core/lib/resource_quota/trace.cc',
'src/core/lib/security/authorization/authorization_policy_provider_vtable.cc', 'src/core/lib/security/authorization/authorization_policy_provider_vtable.cc',
'src/core/lib/security/authorization/evaluate_args.cc', 'src/core/lib/security/authorization/evaluate_args.cc',
'src/core/lib/security/authorization/grpc_authorization_engine.cc',
'src/core/lib/security/authorization/matchers.cc',
'src/core/lib/security/authorization/rbac_policy.cc',
'src/core/lib/security/authorization/sdk_server_authz_filter.cc', 'src/core/lib/security/authorization/sdk_server_authz_filter.cc',
'src/core/lib/security/context/security_context.cc', 'src/core/lib/security/context/security_context.cc',
'src/core/lib/security/credentials/alts/alts_credentials.cc', 'src/core/lib/security/credentials/alts/alts_credentials.cc',

28
package.xml generated

@ -221,6 +221,10 @@
<file baseinstalldir="/" name="src/core/ext/filters/max_age/max_age_filter.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/max_age/max_age_filter.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/message_size/message_size_filter.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/message_size/message_size_filter.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/message_size/message_size_filter.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/message_size/message_size_filter.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/rbac/rbac_filter.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/rbac/rbac_filter.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/rbac/rbac_service_config_parser.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/rbac/rbac_service_config_parser.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/server_config_selector/server_config_selector.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/server_config_selector/server_config_selector.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/server_config_selector/server_config_selector.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/server_config_selector/server_config_selector.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/filters/server_config_selector/server_config_selector_filter.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/filters/server_config_selector/server_config_selector_filter.cc" role="src" />
@ -378,6 +382,8 @@
<file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c" role="src" /> <file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c" role="src" /> <file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c" role="src" /> <file baseinstalldir="/" name="src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c" role="src" />
@ -578,6 +584,8 @@
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c" role="src" />
@ -592,6 +600,8 @@
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c" role="src" />
@ -654,6 +664,16 @@
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/http.upbdefs.c" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/http.upbdefs.c" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/http.upbdefs.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/api/http.upbdefs.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c" role="src" /> <file baseinstalldir="/" name="src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c" role="src" />
@ -731,6 +751,8 @@
<file baseinstalldir="/" name="src/core/ext/xds/xds_http_fault_filter.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/xds/xds_http_fault_filter.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/xds/xds_http_filters.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/xds/xds_http_filters.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/xds/xds_http_filters.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/xds/xds_http_filters.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/xds/xds_http_rbac_filter.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/xds/xds_http_rbac_filter.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/xds/xds_listener.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/xds/xds_listener.cc" role="src" />
<file baseinstalldir="/" name="src/core/ext/xds/xds_listener.h" role="src" /> <file baseinstalldir="/" name="src/core/ext/xds/xds_listener.h" role="src" />
<file baseinstalldir="/" name="src/core/ext/xds/xds_resource_type.cc" role="src" /> <file baseinstalldir="/" name="src/core/ext/xds/xds_resource_type.cc" role="src" />
@ -1093,6 +1115,12 @@
<file baseinstalldir="/" name="src/core/lib/security/authorization/authorization_policy_provider_vtable.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/authorization/authorization_policy_provider_vtable.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/evaluate_args.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/authorization/evaluate_args.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/evaluate_args.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/authorization/evaluate_args.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/grpc_authorization_engine.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/grpc_authorization_engine.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/matchers.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/matchers.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/rbac_policy.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/rbac_policy.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/sdk_server_authz_filter.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/authorization/sdk_server_authz_filter.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/sdk_server_authz_filter.h" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/authorization/sdk_server_authz_filter.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/context/security_context.cc" role="src" /> <file baseinstalldir="/" name="src/core/lib/security/context/security_context.cc" role="src" />

@ -0,0 +1,157 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#include <grpc/support/port_platform.h>
#include "src/core/ext/filters/rbac/rbac_filter.h"
#include "src/core/ext/filters/rbac/rbac_service_config_parser.h"
#include "src/core/ext/service_config/service_config_call_data.h"
#include "src/core/lib/security/authorization/grpc_authorization_engine.h"
#include "src/core/lib/transport/metadata_batch.h"
namespace grpc_core {
//
// RbacFilter::CallData
//
// CallData
grpc_error_handle RbacFilter::CallData::Init(
grpc_call_element* elem, const grpc_call_element_args* args) {
new (elem->call_data) CallData(elem, *args);
return GRPC_ERROR_NONE;
}
void RbacFilter::CallData::Destroy(grpc_call_element* elem,
const grpc_call_final_info* /*final_info*/,
grpc_closure* /*then_schedule_closure*/) {
auto* calld = static_cast<CallData*>(elem->call_data);
calld->~CallData();
}
void RbacFilter::CallData::StartTransportStreamOpBatch(
grpc_call_element* elem, grpc_transport_stream_op_batch* op) {
CallData* calld = static_cast<CallData*>(elem->call_data);
if (op->recv_initial_metadata) {
calld->recv_initial_metadata_ =
op->payload->recv_initial_metadata.recv_initial_metadata;
calld->original_recv_initial_metadata_ready_ =
op->payload->recv_initial_metadata.recv_initial_metadata_ready;
op->payload->recv_initial_metadata.recv_initial_metadata_ready =
&calld->recv_initial_metadata_ready_;
}
// Chain to the next filter.
grpc_call_next_op(elem, op);
}
RbacFilter::CallData::CallData(grpc_call_element* elem,
const grpc_call_element_args& args)
: call_context_(args.context) {
GRPC_CLOSURE_INIT(&recv_initial_metadata_ready_, RecvInitialMetadataReady,
elem, grpc_schedule_on_exec_ctx);
}
void RbacFilter::CallData::RecvInitialMetadataReady(void* user_data,
grpc_error_handle error) {
grpc_call_element* elem = static_cast<grpc_call_element*>(user_data);
CallData* calld = static_cast<CallData*>(elem->call_data);
if (error == GRPC_ERROR_NONE) {
// Fetch and apply the rbac policy from the service config.
auto* service_config_call_data = static_cast<ServiceConfigCallData*>(
calld->call_context_[GRPC_CONTEXT_SERVICE_CONFIG_CALL_DATA].value);
auto* method_params = static_cast<RbacMethodParsedConfig*>(
service_config_call_data->GetMethodParsedConfig(
RbacServiceConfigParser::ParserIndex()));
if (method_params == nullptr) {
error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("No RBAC policy found.");
} else {
RbacFilter* chand = static_cast<RbacFilter*>(elem->channel_data);
auto* authorization_engine =
method_params->authorization_engine(chand->index_);
if (authorization_engine
->Evaluate(EvaluateArgs(calld->recv_initial_metadata_,
&chand->per_channel_evaluate_args_))
.type == AuthorizationEngine::Decision::Type::kDeny) {
error =
GRPC_ERROR_CREATE_FROM_STATIC_STRING("Unauthorized RPC rejected");
}
}
if (error != GRPC_ERROR_NONE) {
error = grpc_error_set_int(error, GRPC_ERROR_INT_GRPC_STATUS,
GRPC_STATUS_PERMISSION_DENIED);
}
} else {
GRPC_ERROR_REF(error);
}
grpc_closure* closure = calld->original_recv_initial_metadata_ready_;
calld->original_recv_initial_metadata_ready_ = nullptr;
Closure::Run(DEBUG_LOCATION, closure, error);
}
//
// RbacFilter
//
const grpc_channel_filter RbacFilter::kFilterVtable = {
RbacFilter::CallData::StartTransportStreamOpBatch,
grpc_channel_next_op,
sizeof(RbacFilter::CallData),
RbacFilter::CallData::Init,
grpc_call_stack_ignore_set_pollset_or_pollset_set,
RbacFilter::CallData::Destroy,
sizeof(RbacFilter),
RbacFilter::Init,
RbacFilter::Destroy,
grpc_channel_next_get_info,
"rbac_filter",
};
RbacFilter::RbacFilter(size_t index,
EvaluateArgs::PerChannelArgs per_channel_evaluate_args)
: index_(index),
per_channel_evaluate_args_(std::move(per_channel_evaluate_args)) {}
grpc_error_handle RbacFilter::Init(grpc_channel_element* elem,
grpc_channel_element_args* args) {
GPR_ASSERT(elem->filter == &kFilterVtable);
auto* auth_context = grpc_find_auth_context_in_args(args->channel_args);
if (auth_context == nullptr) {
return GRPC_ERROR_CREATE_FROM_STATIC_STRING("No auth context found");
}
if (args->optional_transport == nullptr) {
// This should never happen since the transport is always set on the server
// side.
return GRPC_ERROR_CREATE_FROM_STATIC_STRING("No transport configured");
}
new (elem->channel_data) RbacFilter(
grpc_channel_stack_filter_instance_number(args->channel_stack, elem),
EvaluateArgs::PerChannelArgs(
auth_context, grpc_transport_get_endpoint(args->optional_transport)));
return GRPC_ERROR_NONE;
}
void RbacFilter::Destroy(grpc_channel_element* elem) {
auto* chand = static_cast<RbacFilter*>(elem->channel_data);
chand->~RbacFilter();
}
void RbacFilterInit(void) { RbacServiceConfigParser::Register(); }
void RbacFilterShutdown(void) {}
} // namespace grpc_core

@ -0,0 +1,74 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#ifndef GRPC_CORE_EXT_FILTERS_RBAC_RBAC_FILTER_H
#define GRPC_CORE_EXT_FILTERS_RBAC_RBAC_FILTER_H
#include <grpc/support/port_platform.h>
#include "src/core/lib/channel/channel_stack.h"
#include "src/core/lib/security/authorization/evaluate_args.h"
namespace grpc_core {
// Filter used when xDS server config fetcher provides a configuration with an
// HTTP RBAC filter. Also serves as the type for channel data for the filter.
class RbacFilter {
public:
// This channel filter is intended to be used by connections on xDS enabled
// servers configured with RBAC. The RBAC filter fetches the RBAC policy from
// the method config of service config returned by the ServerConfigSelector,
// and enforces the RBAC policy.
static const grpc_channel_filter kFilterVtable;
private:
class CallData {
public:
static grpc_error_handle Init(grpc_call_element* elem,
const grpc_call_element_args* args);
static void Destroy(grpc_call_element* elem,
const grpc_call_final_info* /* final_info */,
grpc_closure* /* then_schedule_closure */);
static void StartTransportStreamOpBatch(grpc_call_element* elem,
grpc_transport_stream_op_batch* op);
private:
CallData(grpc_call_element* elem, const grpc_call_element_args& args);
static void RecvInitialMetadataReady(void* user_data,
grpc_error_handle error);
grpc_call_context_element* call_context_;
// State for keeping track of recv_initial_metadata
grpc_metadata_batch* recv_initial_metadata_ = nullptr;
grpc_closure* original_recv_initial_metadata_ready_ = nullptr;
grpc_closure recv_initial_metadata_ready_;
};
RbacFilter(size_t index,
EvaluateArgs::PerChannelArgs per_channel_evaluate_args);
static grpc_error_handle Init(grpc_channel_element* elem,
grpc_channel_element_args* args);
static void Destroy(grpc_channel_element* elem);
// The index of this filter instance among instances of the same filter.
size_t index_;
// Per channel args used for authorization.
EvaluateArgs::PerChannelArgs per_channel_evaluate_args_;
};
} // namespace grpc_core
#endif // GRPC_CORE_EXT_FILTERS_RBAC_RBAC_FILTER_H

@ -0,0 +1,604 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#include <grpc/support/port_platform.h>
#include "src/core/ext/filters/rbac/rbac_service_config_parser.h"
#include "absl/strings/str_format.h"
#include "src/core/lib/channel/channel_args.h"
#include "src/core/lib/json/json_util.h"
#include "src/core/lib/transport/error_utils.h"
namespace grpc_core {
namespace {
size_t g_rbac_parser_index;
std::string ParseRegexMatcher(const Json::Object& regex_matcher_json,
std::vector<grpc_error_handle>* error_list) {
std::string regex;
ParseJsonObjectField(regex_matcher_json, "regex", &regex, error_list);
return regex;
}
absl::StatusOr<HeaderMatcher> ParseHeaderMatcher(
const Json::Object& header_matcher_json,
std::vector<grpc_error_handle>* error_list) {
std::string name;
ParseJsonObjectField(header_matcher_json, "name", &name, error_list);
std::string match;
HeaderMatcher::Type type = HeaderMatcher::Type();
const Json::Object* inner_json;
int64_t start = 0;
int64_t end = 0;
bool present_match = false;
bool invert_match = false;
ParseJsonObjectField(header_matcher_json, "invertMatch", &invert_match,
error_list, /*required=*/false);
if (ParseJsonObjectField(header_matcher_json, "exactMatch", &match,
error_list, /*required=*/false)) {
type = HeaderMatcher::Type::kExact;
} else if (ParseJsonObjectField(header_matcher_json, "safeRegexMatch",
&inner_json, error_list,
/*required=*/false)) {
type = HeaderMatcher::Type::kSafeRegex;
std::vector<grpc_error_handle> safe_regex_matcher_error_list;
match = ParseRegexMatcher(*inner_json, &safe_regex_matcher_error_list);
if (!safe_regex_matcher_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
"safeRegexMatch", &safe_regex_matcher_error_list));
}
} else if (ParseJsonObjectField(header_matcher_json, "rangeMatch",
&inner_json, error_list,
/*required=*/false)) {
type = HeaderMatcher::Type::kRange;
std::vector<grpc_error_handle> range_error_list;
ParseJsonObjectField(*inner_json, "start", &start, &range_error_list);
ParseJsonObjectField(*inner_json, "end", &end, &range_error_list);
if (!range_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("rangeMatch", &range_error_list));
}
} else if (ParseJsonObjectField(header_matcher_json, "presentMatch",
&present_match, error_list,
/*required=*/false)) {
type = HeaderMatcher::Type::kPresent;
} else if (ParseJsonObjectField(header_matcher_json, "prefixMatch", &match,
error_list, /*required=*/false)) {
type = HeaderMatcher::Type::kPrefix;
} else if (ParseJsonObjectField(header_matcher_json, "suffixMatch", &match,
error_list, /*required=*/false)) {
type = HeaderMatcher::Type::kSuffix;
} else if (ParseJsonObjectField(header_matcher_json, "containsMatch", &match,
error_list, /*required=*/false)) {
type = HeaderMatcher::Type::kContains;
} else {
return absl::InvalidArgumentError("No valid matcher found");
}
return HeaderMatcher::Create(name, type, match, start, end, present_match,
invert_match);
}
absl::StatusOr<StringMatcher> ParseStringMatcher(
const Json::Object& string_matcher_json,
std::vector<grpc_error_handle>* error_list) {
std::string match;
StringMatcher::Type type = StringMatcher::Type();
const Json::Object* inner_json;
bool ignore_case = false;
ParseJsonObjectField(string_matcher_json, "ignoreCase", &ignore_case,
error_list, /*required=*/false);
if (ParseJsonObjectField(string_matcher_json, "exact", &match, error_list,
/*required=*/false)) {
type = StringMatcher::Type::kExact;
} else if (ParseJsonObjectField(string_matcher_json, "prefix", &match,
error_list, /*required=*/false)) {
type = StringMatcher::Type::kPrefix;
} else if (ParseJsonObjectField(string_matcher_json, "suffix", &match,
error_list, /*required=*/false)) {
type = StringMatcher::Type::kSuffix;
} else if (ParseJsonObjectField(string_matcher_json, "safeRegex", &inner_json,
error_list, /*required=*/false)) {
type = StringMatcher::Type::kSafeRegex;
std::vector<grpc_error_handle> safe_regex_matcher_error_list;
match = ParseRegexMatcher(*inner_json, &safe_regex_matcher_error_list);
if (!safe_regex_matcher_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
"safeRegex", &safe_regex_matcher_error_list));
}
} else if (ParseJsonObjectField(string_matcher_json, "contains", &match,
error_list, /*required=*/false)) {
type = StringMatcher::Type::kContains;
} else {
return absl::InvalidArgumentError("No valid matcher found");
}
return StringMatcher::Create(type, match, ignore_case);
}
absl::StatusOr<StringMatcher> ParsePathMatcher(
const Json::Object& path_matcher_json,
std::vector<grpc_error_handle>* error_list) {
const Json::Object* string_matcher_json;
if (ParseJsonObjectField(path_matcher_json, "path", &string_matcher_json,
error_list)) {
std::vector<grpc_error_handle> sub_error_list;
auto matcher = ParseStringMatcher(*string_matcher_json, &sub_error_list);
if (!sub_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("path", &sub_error_list));
}
return matcher;
}
return absl::InvalidArgumentError("No path found");
}
Rbac::CidrRange ParseCidrRange(const Json::Object& cidr_range_json,
std::vector<grpc_error_handle>* error_list) {
std::string address_prefix;
ParseJsonObjectField(cidr_range_json, "addressPrefix", &address_prefix,
error_list);
const Json::Object* uint32_json;
uint32_t prefix_len = 0; // default value
if (ParseJsonObjectField(cidr_range_json, "prefixLen", &uint32_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> sub_error_list;
ParseJsonObjectField(*uint32_json, "value", &prefix_len, &sub_error_list);
if (!sub_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("prefixLen", &sub_error_list));
}
}
return Rbac::CidrRange(std::move(address_prefix), prefix_len);
}
Rbac::Permission ParsePermission(const Json::Object& permission_json,
std::vector<grpc_error_handle>* error_list) {
auto parse_permission_set = [](const Json::Object& permission_set_json,
std::vector<grpc_error_handle>* error_list) {
const Json::Array* rules_json;
std::vector<std::unique_ptr<Rbac::Permission>> permissions;
if (ParseJsonObjectField(permission_set_json, "rules", &rules_json,
error_list)) {
for (size_t i = 0; i < rules_json->size(); ++i) {
const Json::Object* permission_json;
if (!ExtractJsonType((*rules_json)[i],
absl::StrFormat("rules[%d]", i).c_str(),
&permission_json, error_list)) {
continue;
}
std::vector<grpc_error_handle> permission_error_list;
permissions.emplace_back(absl::make_unique<Rbac::Permission>(
ParsePermission(*permission_json, &permission_error_list)));
if (!permission_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
absl::StrFormat("rules[%d]", i), &permission_error_list));
}
}
}
return permissions;
};
Rbac::Permission permission;
const Json::Object* inner_json;
bool any;
int port;
if (ParseJsonObjectField(permission_json, "andRules", &inner_json, error_list,
/*required=*/false)) {
std::vector<grpc_error_handle> and_rules_error_list;
permission = Rbac::Permission(
Rbac::Permission::RuleType::kAnd,
parse_permission_set(*inner_json, &and_rules_error_list));
if (!and_rules_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("andRules", &and_rules_error_list));
}
} else if (ParseJsonObjectField(permission_json, "orRules", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> or_rules_error_list;
permission = Rbac::Permission(
Rbac::Permission::RuleType::kOr,
parse_permission_set(*inner_json, &or_rules_error_list));
if (!or_rules_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("orRules", &or_rules_error_list));
}
} else if (ParseJsonObjectField(permission_json, "any", &any, error_list,
/*required=*/false) &&
any) {
permission = Rbac::Permission(Rbac::Permission::RuleType::kAny);
} else if (ParseJsonObjectField(permission_json, "header", &inner_json,
error_list,
/*required=*/false)) {
std::vector<grpc_error_handle> header_error_list;
auto matcher = ParseHeaderMatcher(*inner_json, &header_error_list);
if (matcher.ok()) {
permission =
Rbac::Permission(Rbac::Permission::RuleType::kHeader, *matcher);
} else {
header_error_list.push_back(absl_status_to_grpc_error(matcher.status()));
}
if (!header_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("header", &header_error_list));
}
} else if (ParseJsonObjectField(permission_json, "urlPath", &inner_json,
error_list,
/*required=*/false)) {
std::vector<grpc_error_handle> url_path_error_list;
auto matcher = ParsePathMatcher(*inner_json, &url_path_error_list);
if (matcher.ok()) {
permission =
Rbac::Permission(Rbac::Permission::RuleType::kPath, *matcher);
} else {
url_path_error_list.push_back(
absl_status_to_grpc_error(matcher.status()));
}
if (!url_path_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("urlPath", &url_path_error_list));
}
} else if (ParseJsonObjectField(permission_json, "destinationIp", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> destination_ip_error_list;
permission = Rbac::Permission(
Rbac::Permission::RuleType::kDestIp,
ParseCidrRange(*inner_json, &destination_ip_error_list));
if (!destination_ip_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
"destinationIp", &destination_ip_error_list));
}
} else if (ParseJsonObjectField(permission_json, "destinationPort", &port,
error_list, /*required=*/false)) {
permission = Rbac::Permission(Rbac::Permission::RuleType::kDestPort, port);
} else if (ParseJsonObjectField(permission_json, "metadata", &inner_json,
error_list, /*required=*/false)) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_STATIC_STRING("Cannot handle metadata"));
} else if (ParseJsonObjectField(permission_json, "notRule", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> not_rule_error_list;
permission =
Rbac::Permission(Rbac::Permission::RuleType::kNot,
ParsePermission(*inner_json, &not_rule_error_list));
if (!not_rule_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("notRule", &not_rule_error_list));
}
} else if (ParseJsonObjectField(permission_json, "requestedServerName",
&inner_json, error_list,
/*required=*/false)) {
std::vector<grpc_error_handle> req_server_name_error_list;
auto matcher = ParseStringMatcher(*inner_json, &req_server_name_error_list);
if (matcher.ok()) {
permission = Rbac::Permission(Rbac::Permission::RuleType::kReqServerName,
*matcher);
} else {
req_server_name_error_list.push_back(
absl_status_to_grpc_error(matcher.status()));
}
if (!req_server_name_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
"requestedServerName", &req_server_name_error_list));
}
} else {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_STATIC_STRING("No valid rule found"));
}
return permission;
}
Rbac::Principal ParsePrincipal(const Json::Object& principal_json,
std::vector<grpc_error_handle>* error_list) {
auto parse_principal_set = [](const Json::Object& principal_set_json,
std::vector<grpc_error_handle>* error_list) {
const Json::Array* rules_json;
std::vector<std::unique_ptr<Rbac::Principal>> principals;
if (ParseJsonObjectField(principal_set_json, "ids", &rules_json,
error_list)) {
for (size_t i = 0; i < rules_json->size(); ++i) {
const Json::Object* principal_json;
if (!ExtractJsonType((*rules_json)[i],
absl::StrFormat("ids[%d]", i).c_str(),
&principal_json, error_list)) {
continue;
}
std::vector<grpc_error_handle> principal_error_list;
principals.emplace_back(absl::make_unique<Rbac::Principal>(
ParsePrincipal(*principal_json, &principal_error_list)));
if (!principal_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
absl::StrFormat("ids[%d]", i), &principal_error_list));
}
}
}
return principals;
};
Rbac::Principal principal;
const Json::Object* inner_json;
bool any;
if (ParseJsonObjectField(principal_json, "andIds", &inner_json, error_list,
/*required=*/false)) {
std::vector<grpc_error_handle> and_rules_error_list;
principal = Rbac::Principal(
Rbac::Principal::RuleType::kAnd,
parse_principal_set(*inner_json, &and_rules_error_list));
if (!and_rules_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("andIds", &and_rules_error_list));
}
} else if (ParseJsonObjectField(principal_json, "orIds", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> or_rules_error_list;
principal =
Rbac::Principal(Rbac::Principal::RuleType::kOr,
parse_principal_set(*inner_json, &or_rules_error_list));
if (!or_rules_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("orIds", &or_rules_error_list));
}
} else if (ParseJsonObjectField(principal_json, "any", &any, error_list,
/*required=*/false) &&
any) {
principal = Rbac::Principal(Rbac::Principal::RuleType::kAny);
} else if (ParseJsonObjectField(principal_json, "authenticated", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> authenticated_error_list;
const Json::Object* principal_name_json;
if (ParseJsonObjectField(*inner_json, "principalName", &principal_name_json,
&authenticated_error_list, /*required=*/false)) {
std::vector<grpc_error_handle> principal_name_error_list;
auto matcher =
ParseStringMatcher(*principal_name_json, &principal_name_error_list);
if (matcher.ok()) {
principal = Rbac::Principal(Rbac::Principal::RuleType::kPrincipalName,
*matcher);
} else {
principal_name_error_list.push_back(
absl_status_to_grpc_error(matcher.status()));
}
if (!principal_name_error_list.empty()) {
authenticated_error_list.push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
"principalName", &principal_name_error_list));
}
} else if (authenticated_error_list.empty()) {
// No principalName found. Match for all users.
principal = Rbac::Principal(Rbac::Principal::RuleType::kAny);
} else {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
"authenticated", &authenticated_error_list));
}
} else if (ParseJsonObjectField(principal_json, "sourceIp", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> source_ip_error_list;
principal =
Rbac::Principal(Rbac::Principal::RuleType::kSourceIp,
ParseCidrRange(*inner_json, &source_ip_error_list));
if (!source_ip_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("sourceIp", &source_ip_error_list));
}
} else if (ParseJsonObjectField(principal_json, "directRemoteIp", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> direct_remote_ip_error_list;
principal = Rbac::Principal(
Rbac::Principal::RuleType::kDirectRemoteIp,
ParseCidrRange(*inner_json, &direct_remote_ip_error_list));
if (!direct_remote_ip_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
"directRemoteIp", &direct_remote_ip_error_list));
}
} else if (ParseJsonObjectField(principal_json, "remoteIp", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> remote_ip_error_list;
principal =
Rbac::Principal(Rbac::Principal::RuleType::kRemoteIp,
ParseCidrRange(*inner_json, &remote_ip_error_list));
if (!remote_ip_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("remoteIp", &remote_ip_error_list));
}
} else if (ParseJsonObjectField(principal_json, "header", &inner_json,
error_list,
/*required=*/false)) {
std::vector<grpc_error_handle> header_error_list;
auto matcher = ParseHeaderMatcher(*inner_json, &header_error_list);
if (matcher.ok()) {
principal = Rbac::Principal(Rbac::Principal::RuleType::kHeader, *matcher);
} else {
header_error_list.push_back(absl_status_to_grpc_error(matcher.status()));
}
if (!header_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("header", &header_error_list));
}
} else if (ParseJsonObjectField(principal_json, "urlPath", &inner_json,
error_list,
/*required=*/false)) {
std::vector<grpc_error_handle> url_path_error_list;
auto matcher = ParsePathMatcher(*inner_json, &url_path_error_list);
if (matcher.ok()) {
principal = Rbac::Principal(Rbac::Principal::RuleType::kPath, *matcher);
} else {
url_path_error_list.push_back(
absl_status_to_grpc_error(matcher.status()));
}
if (!url_path_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("urlPath", &url_path_error_list));
}
} else if (ParseJsonObjectField(principal_json, "metadata", &inner_json,
error_list, /*required=*/false)) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_STATIC_STRING("Cannot handle metadata"));
} else if (ParseJsonObjectField(principal_json, "notId", &inner_json,
error_list, /*required=*/false)) {
std::vector<grpc_error_handle> not_rule_error_list;
principal =
Rbac::Principal(Rbac::Principal::RuleType::kNot,
ParsePrincipal(*inner_json, &not_rule_error_list));
if (!not_rule_error_list.empty()) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_VECTOR("notId", &not_rule_error_list));
}
} else {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_STATIC_STRING("No valid id found"));
}
return principal;
}
Rbac::Policy ParsePolicy(const Json::Object& policy_json,
std::vector<grpc_error_handle>* error_list) {
Rbac::Policy policy;
const Json::Array* permissions_json_array;
std::vector<std::unique_ptr<Rbac::Permission>> permissions;
if (ParseJsonObjectField(policy_json, "permissions", &permissions_json_array,
error_list)) {
for (size_t i = 0; i < permissions_json_array->size(); ++i) {
const Json::Object* permission_json;
if (!ExtractJsonType((*permissions_json_array)[i],
absl::StrFormat("permissions[%d]", i),
&permission_json, error_list)) {
continue;
}
std::vector<grpc_error_handle> permission_error_list;
permissions.emplace_back(absl::make_unique<Rbac::Permission>(
ParsePermission(*permission_json, &permission_error_list)));
if (!permission_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
absl::StrFormat("permissions[%d]", i), &permission_error_list));
}
}
}
const Json::Array* principals_json_array;
std::vector<std::unique_ptr<Rbac::Principal>> principals;
if (ParseJsonObjectField(policy_json, "principals", &principals_json_array,
error_list)) {
for (size_t i = 0; i < principals_json_array->size(); ++i) {
const Json::Object* principal_json;
if (!ExtractJsonType((*principals_json_array)[i],
absl::StrFormat("principals[%d]", i),
&principal_json, error_list)) {
continue;
}
std::vector<grpc_error_handle> principal_error_list;
principals.emplace_back(absl::make_unique<Rbac::Principal>(
ParsePrincipal(*principal_json, &principal_error_list)));
if (!principal_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
absl::StrFormat("principals[%d]", i), &principal_error_list));
}
}
}
policy.permissions =
Rbac::Permission(Rbac::Permission::RuleType::kOr, std::move(permissions));
policy.principals =
Rbac::Principal(Rbac::Principal::RuleType::kOr, std::move(principals));
return policy;
}
Rbac ParseRbac(const Json::Object& rbac_json,
std::vector<grpc_error_handle>* error_list) {
Rbac rbac;
const Json::Object* rules_json;
if (!ParseJsonObjectField(rbac_json, "rules", &rules_json, error_list,
/*required=*/false)) {
// No enforcing to be applied. An empty deny policy with an empty map is
// equivalent to no enforcing.
return Rbac(Rbac::Action::kDeny, {});
}
int action;
if (ParseJsonObjectField(*rules_json, "action", &action, error_list)) {
if (action > 1) {
error_list->push_back(
GRPC_ERROR_CREATE_FROM_STATIC_STRING("Unknown action"));
}
}
rbac.action = static_cast<Rbac::Action>(action);
const Json::Object* policies_json;
if (ParseJsonObjectField(*rules_json, "policies", &policies_json, error_list,
/*required=*/false)) {
for (const auto& entry : *policies_json) {
std::vector<grpc_error_handle> policy_error_list;
rbac.policies.emplace(
entry.first,
ParsePolicy(entry.second.object_value(), &policy_error_list));
if (!policy_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
absl::StrFormat("policies key:'%s'", entry.first.c_str()),
&policy_error_list));
}
}
}
return rbac;
}
std::vector<Rbac> ParseRbacArray(const Json::Array& policies_json_array,
std::vector<grpc_error_handle>* error_list) {
std::vector<Rbac> policies;
for (size_t i = 0; i < policies_json_array.size(); ++i) {
const Json::Object* rbac_json;
if (!ExtractJsonType(policies_json_array[i],
absl::StrFormat("rbacPolicy[%d]", i), &rbac_json,
error_list)) {
continue;
}
std::vector<grpc_error_handle> rbac_policy_error_list;
policies.emplace_back(ParseRbac(*rbac_json, &rbac_policy_error_list));
if (!rbac_policy_error_list.empty()) {
error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
absl::StrFormat("rbacPolicy[%d]", i), &rbac_policy_error_list));
}
}
return policies;
}
} // namespace
std::unique_ptr<ServiceConfigParser::ParsedConfig>
RbacServiceConfigParser::ParsePerMethodParams(const grpc_channel_args* args,
const Json& json,
grpc_error_handle* error) {
GPR_DEBUG_ASSERT(error != nullptr && *error == GRPC_ERROR_NONE);
// Only parse rbac policy if the channel arg is present
if (!grpc_channel_args_find_bool(args, GRPC_ARG_PARSE_RBAC_METHOD_CONFIG,
false)) {
return nullptr;
}
std::vector<Rbac> rbac_policies;
std::vector<grpc_error_handle> error_list;
const Json::Array* policies_json_array;
if (ParseJsonObjectField(json.object_value(), "rbacPolicy",
&policies_json_array, &error_list)) {
rbac_policies = ParseRbacArray(*policies_json_array, &error_list);
}
*error = GRPC_ERROR_CREATE_FROM_VECTOR("Rbac parser", &error_list);
if (*error != GRPC_ERROR_NONE || rbac_policies.empty()) {
return nullptr;
}
return absl::make_unique<RbacMethodParsedConfig>(std::move(rbac_policies));
}
void RbacServiceConfigParser::Register() {
g_rbac_parser_index = ServiceConfigParser::RegisterParser(
absl::make_unique<RbacServiceConfigParser>());
}
size_t RbacServiceConfigParser::ParserIndex() { return g_rbac_parser_index; }
} // namespace grpc_core

@ -0,0 +1,70 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#ifndef GRPC_CORE_EXT_FILTERS_RBAC_RBAC_SERVICE_CONFIG_PARSER_H
#define GRPC_CORE_EXT_FILTERS_RBAC_RBAC_SERVICE_CONFIG_PARSER_H
#include <grpc/support/port_platform.h>
#include <vector>
#include "src/core/ext/service_config/service_config_parser.h"
#include "src/core/lib/security/authorization/grpc_authorization_engine.h"
namespace grpc_core {
// Channel arg key for enabling parsing RBAC via method config.
#define GRPC_ARG_PARSE_RBAC_METHOD_CONFIG \
"grpc.internal.parse_rbac_method_config"
class RbacMethodParsedConfig : public ServiceConfigParser::ParsedConfig {
public:
explicit RbacMethodParsedConfig(std::vector<Rbac> rbac_policies) {
for (auto& rbac_policy : rbac_policies) {
authorization_engines_.emplace_back(std::move(rbac_policy));
}
}
// Returns the authorization engine for a rbac policy at a certain index. For
// a connection on the server, multiple RBAC policies might be active. The
// RBAC filter uses this method to get the RBAC policy configured for a
// instance at a particular instance.
const GrpcAuthorizationEngine* authorization_engine(int index) const {
if (static_cast<size_t>(index) >= authorization_engines_.size()) {
return nullptr;
}
return &authorization_engines_[index];
}
private:
std::vector<GrpcAuthorizationEngine> authorization_engines_;
};
class RbacServiceConfigParser : public ServiceConfigParser::Parser {
public:
// Parses the per-method service config for rbac filter.
std::unique_ptr<ServiceConfigParser::ParsedConfig> ParsePerMethodParams(
const grpc_channel_args* args, const Json& json,
grpc_error_handle* error) override;
// Returns the parser index for RbacServiceConfigParser.
static size_t ParserIndex();
// Registers RbacServiceConfigParser to ServiceConfigParser.
static void Register();
};
} // namespace grpc_core
#endif // GRPC_CORE_EXT_FILTERS_RBAC_RBAC_SERVICE_CONFIG_PARSER_H

@ -22,6 +22,7 @@
#include "absl/status/statusor.h" #include "absl/status/statusor.h"
#include "src/core/ext/service_config/service_config.h" #include "src/core/ext/service_config/service_config.h"
#include "src/core/lib/gprpp/dual_ref_counted.h"
#include "src/core/lib/transport/metadata_batch.h" #include "src/core/lib/transport/metadata_batch.h"
namespace grpc_core { namespace grpc_core {
@ -45,7 +46,7 @@ class ServerConfigSelector : public RefCounted<ServerConfigSelector> {
// ServerConfigSelectorProvider allows for subscribers to watch for updates on // ServerConfigSelectorProvider allows for subscribers to watch for updates on
// ServerConfigSelector. It is propagated via channel args. // ServerConfigSelector. It is propagated via channel args.
class ServerConfigSelectorProvider class ServerConfigSelectorProvider
: public RefCounted<ServerConfigSelectorProvider> { : public DualRefCounted<ServerConfigSelectorProvider> {
public: public:
class ServerConfigSelectorWatcher { class ServerConfigSelectorWatcher {
public: public:

@ -36,7 +36,7 @@ class ChannelData {
absl::StatusOr<RefCountedPtr<ServerConfigSelector>> config_selector() { absl::StatusOr<RefCountedPtr<ServerConfigSelector>> config_selector() {
MutexLock lock(&mu_); MutexLock lock(&mu_);
return config_selector_; return config_selector_.value();
} }
private: private:
@ -60,8 +60,8 @@ class ChannelData {
RefCountedPtr<ServerConfigSelectorProvider> server_config_selector_provider_; RefCountedPtr<ServerConfigSelectorProvider> server_config_selector_provider_;
Mutex mu_; Mutex mu_;
absl::StatusOr<RefCountedPtr<ServerConfigSelector>> config_selector_ absl::optional<absl::StatusOr<RefCountedPtr<ServerConfigSelector>>>
ABSL_GUARDED_BY(mu_); config_selector_ ABSL_GUARDED_BY(mu_);
}; };
class CallData { class CallData {
@ -103,7 +103,7 @@ class CallData {
grpc_error_handle ChannelData::Init(grpc_channel_element* elem, grpc_error_handle ChannelData::Init(grpc_channel_element* elem,
grpc_channel_element_args* args) { grpc_channel_element_args* args) {
GPR_ASSERT(elem->filter = &kServerConfigSelectorFilter); GPR_ASSERT(elem->filter == &kServerConfigSelectorFilter);
RefCountedPtr<ServerConfigSelectorProvider> server_config_selector_provider = RefCountedPtr<ServerConfigSelectorProvider> server_config_selector_provider =
ServerConfigSelectorProvider::GetFromChannelArgs(*args->channel_args); ServerConfigSelectorProvider::GetFromChannelArgs(*args->channel_args);
if (server_config_selector_provider == nullptr) { if (server_config_selector_provider == nullptr) {
@ -127,8 +127,13 @@ ChannelData::ChannelData(
GPR_ASSERT(server_config_selector_provider_ != nullptr); GPR_ASSERT(server_config_selector_provider_ != nullptr);
auto server_config_selector_watcher = auto server_config_selector_watcher =
absl::make_unique<ServerConfigSelectorWatcher>(this); absl::make_unique<ServerConfigSelectorWatcher>(this);
config_selector_ = server_config_selector_provider_->Watch( auto config_selector = server_config_selector_provider_->Watch(
std::move(server_config_selector_watcher)); std::move(server_config_selector_watcher));
MutexLock lock(&mu_);
// It's possible for the watcher to have already updated config_selector_
if (!config_selector_.has_value()) {
config_selector_ = std::move(config_selector);
}
} }
ChannelData::~ChannelData() { server_config_selector_provider_->CancelWatch(); } ChannelData::~ChannelData() { server_config_selector_provider_->CancelWatch(); }

@ -174,7 +174,8 @@ class Chttp2ServerListener : public Server::ListenerInterface {
grpc_closure on_close_; grpc_closure on_close_;
grpc_timer drain_grace_timer_; grpc_timer drain_grace_timer_;
grpc_closure on_drain_grace_time_expiry_; grpc_closure on_drain_grace_time_expiry_;
bool drain_grace_timer_expiry_callback_pending_ = false; bool drain_grace_timer_expiry_callback_pending_ ABSL_GUARDED_BY(&mu_) =
false;
bool shutdown_ ABSL_GUARDED_BY(&mu_) = false; bool shutdown_ ABSL_GUARDED_BY(&mu_) = false;
}; };
@ -547,24 +548,27 @@ void Chttp2ServerListener::ActiveConnection::SendGoAway() {
grpc_chttp2_transport* transport = nullptr; grpc_chttp2_transport* transport = nullptr;
{ {
MutexLock lock(&mu_); MutexLock lock(&mu_);
transport = transport_; if (transport_ != nullptr && !shutdown_) {
transport = transport_;
Ref().release(); // Ref held by OnDrainGraceTimeExpiry
GRPC_CLOSURE_INIT(&on_drain_grace_time_expiry_, OnDrainGraceTimeExpiry,
this, nullptr);
grpc_timer_init(&drain_grace_timer_,
ExecCtx::Get()->Now() +
grpc_channel_args_find_integer(
listener_->args_,
GRPC_ARG_SERVER_CONFIG_CHANGE_DRAIN_GRACE_TIME_MS,
{10 * 60 * GPR_MS_PER_SEC, 0, INT_MAX}),
&on_drain_grace_time_expiry_);
drain_grace_timer_expiry_callback_pending_ = true;
shutdown_ = true;
}
} }
if (transport != nullptr) { if (transport != nullptr) {
grpc_transport_op* op = grpc_make_transport_op(nullptr); grpc_transport_op* op = grpc_make_transport_op(nullptr);
op->goaway_error = GRPC_ERROR_CREATE_FROM_STATIC_STRING( op->goaway_error = GRPC_ERROR_CREATE_FROM_STATIC_STRING(
"Server is stopping to serve requests."); "Server is stopping to serve requests.");
grpc_transport_perform_op(&transport->base, op); grpc_transport_perform_op(&transport->base, op);
Ref().release(); // Ref held by OnDrainGraceTimeExpiry
GRPC_CLOSURE_INIT(&on_drain_grace_time_expiry_, OnDrainGraceTimeExpiry,
this, nullptr);
grpc_timer_init(&drain_grace_timer_,
ExecCtx::Get()->Now() +
grpc_channel_args_find_integer(
listener_->args_,
GRPC_ARG_SERVER_CONFIG_CHANGE_DRAIN_GRACE_TIME_MS,
{10 * 60 * GPR_MS_PER_SEC, 0, INT_MAX}),
&on_drain_grace_time_expiry_);
drain_grace_timer_expiry_callback_pending_ = true;
} }
} }
@ -598,6 +602,7 @@ void Chttp2ServerListener::ActiveConnection::OnClose(
connection = std::move(it->second); connection = std::move(it->second);
self->listener_->connections_.erase(it); self->listener_->connections_.erase(it);
} }
self->shutdown_ = true;
} }
// Cancel the drain_grace_timer_ if needed. // Cancel the drain_grace_timer_ if needed.
if (self->drain_grace_timer_expiry_callback_pending_) { if (self->drain_grace_timer_expiry_callback_pending_) {

@ -0,0 +1,61 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* envoy/extensions/filters/http/rbac/v3/rbac.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#include <stddef.h>
#include "upb/msg_internal.h"
#include "envoy/extensions/filters/http/rbac/v3/rbac.upb.h"
#include "envoy/config/rbac/v3/rbac.upb.h"
#include "udpa/annotations/status.upb.h"
#include "udpa/annotations/versioning.upb.h"
#include "upb/port_def.inc"
static const upb_msglayout_sub envoy_extensions_filters_http_rbac_v3_RBAC_submsgs[1] = {
{.submsg = &envoy_config_rbac_v3_RBAC_msginit},
};
static const upb_msglayout_field envoy_extensions_filters_http_rbac_v3_RBAC__fields[3] = {
{1, UPB_SIZE(12, 24), 1, 0, 11, _UPB_MODE_SCALAR | (_UPB_REP_PTR << _UPB_REP_SHIFT)},
{2, UPB_SIZE(16, 32), 2, 0, 11, _UPB_MODE_SCALAR | (_UPB_REP_PTR << _UPB_REP_SHIFT)},
{3, UPB_SIZE(4, 8), 0, 0, 9, _UPB_MODE_SCALAR | (_UPB_REP_STRVIEW << _UPB_REP_SHIFT)},
};
const upb_msglayout envoy_extensions_filters_http_rbac_v3_RBAC_msginit = {
&envoy_extensions_filters_http_rbac_v3_RBAC_submsgs[0],
&envoy_extensions_filters_http_rbac_v3_RBAC__fields[0],
UPB_SIZE(24, 48), 3, _UPB_MSGEXT_NONE, 3, 255,
};
static const upb_msglayout_sub envoy_extensions_filters_http_rbac_v3_RBACPerRoute_submsgs[1] = {
{.submsg = &envoy_extensions_filters_http_rbac_v3_RBAC_msginit},
};
static const upb_msglayout_field envoy_extensions_filters_http_rbac_v3_RBACPerRoute__fields[1] = {
{2, UPB_SIZE(4, 8), 1, 0, 11, _UPB_MODE_SCALAR | (_UPB_REP_PTR << _UPB_REP_SHIFT)},
};
const upb_msglayout envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit = {
&envoy_extensions_filters_http_rbac_v3_RBACPerRoute_submsgs[0],
&envoy_extensions_filters_http_rbac_v3_RBACPerRoute__fields[0],
UPB_SIZE(8, 16), 1, _UPB_MSGEXT_NONE, 0, 255,
};
static const upb_msglayout *messages_layout[2] = {
&envoy_extensions_filters_http_rbac_v3_RBAC_msginit,
&envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit,
};
const upb_msglayout_file envoy_extensions_filters_http_rbac_v3_rbac_proto_upb_file_layout = {
messages_layout,
NULL,
2,
0,
};
#include "upb/port_undef.inc"

@ -0,0 +1,146 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* envoy/extensions/filters/http/rbac/v3/rbac.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#ifndef ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPB_H_
#define ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPB_H_
#include "upb/msg_internal.h"
#include "upb/decode.h"
#include "upb/decode_fast.h"
#include "upb/encode.h"
#include "upb/port_def.inc"
#ifdef __cplusplus
extern "C" {
#endif
struct envoy_extensions_filters_http_rbac_v3_RBAC;
struct envoy_extensions_filters_http_rbac_v3_RBACPerRoute;
typedef struct envoy_extensions_filters_http_rbac_v3_RBAC envoy_extensions_filters_http_rbac_v3_RBAC;
typedef struct envoy_extensions_filters_http_rbac_v3_RBACPerRoute envoy_extensions_filters_http_rbac_v3_RBACPerRoute;
extern const upb_msglayout envoy_extensions_filters_http_rbac_v3_RBAC_msginit;
extern const upb_msglayout envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit;
struct envoy_config_rbac_v3_RBAC;
extern const upb_msglayout envoy_config_rbac_v3_RBAC_msginit;
/* envoy.extensions.filters.http.rbac.v3.RBAC */
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBAC *envoy_extensions_filters_http_rbac_v3_RBAC_new(upb_arena *arena) {
return (envoy_extensions_filters_http_rbac_v3_RBAC *)_upb_msg_new(&envoy_extensions_filters_http_rbac_v3_RBAC_msginit, arena);
}
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBAC *envoy_extensions_filters_http_rbac_v3_RBAC_parse(const char *buf, size_t size,
upb_arena *arena) {
envoy_extensions_filters_http_rbac_v3_RBAC *ret = envoy_extensions_filters_http_rbac_v3_RBAC_new(arena);
if (!ret) return NULL;
if (!upb_decode(buf, size, ret, &envoy_extensions_filters_http_rbac_v3_RBAC_msginit, arena)) return NULL;
return ret;
}
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBAC *envoy_extensions_filters_http_rbac_v3_RBAC_parse_ex(const char *buf, size_t size,
const upb_extreg *extreg, int options,
upb_arena *arena) {
envoy_extensions_filters_http_rbac_v3_RBAC *ret = envoy_extensions_filters_http_rbac_v3_RBAC_new(arena);
if (!ret) return NULL;
if (!_upb_decode(buf, size, ret, &envoy_extensions_filters_http_rbac_v3_RBAC_msginit, extreg, options, arena)) {
return NULL;
}
return ret;
}
UPB_INLINE char *envoy_extensions_filters_http_rbac_v3_RBAC_serialize(const envoy_extensions_filters_http_rbac_v3_RBAC *msg, upb_arena *arena, size_t *len) {
return upb_encode(msg, &envoy_extensions_filters_http_rbac_v3_RBAC_msginit, arena, len);
}
UPB_INLINE bool envoy_extensions_filters_http_rbac_v3_RBAC_has_rules(const envoy_extensions_filters_http_rbac_v3_RBAC *msg) { return _upb_hasbit(msg, 1); }
UPB_INLINE const struct envoy_config_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBAC_rules(const envoy_extensions_filters_http_rbac_v3_RBAC *msg) { return *UPB_PTR_AT(msg, UPB_SIZE(12, 24), const struct envoy_config_rbac_v3_RBAC*); }
UPB_INLINE bool envoy_extensions_filters_http_rbac_v3_RBAC_has_shadow_rules(const envoy_extensions_filters_http_rbac_v3_RBAC *msg) { return _upb_hasbit(msg, 2); }
UPB_INLINE const struct envoy_config_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBAC_shadow_rules(const envoy_extensions_filters_http_rbac_v3_RBAC *msg) { return *UPB_PTR_AT(msg, UPB_SIZE(16, 32), const struct envoy_config_rbac_v3_RBAC*); }
UPB_INLINE upb_strview envoy_extensions_filters_http_rbac_v3_RBAC_shadow_rules_stat_prefix(const envoy_extensions_filters_http_rbac_v3_RBAC *msg) { return *UPB_PTR_AT(msg, UPB_SIZE(4, 8), upb_strview); }
UPB_INLINE void envoy_extensions_filters_http_rbac_v3_RBAC_set_rules(envoy_extensions_filters_http_rbac_v3_RBAC *msg, struct envoy_config_rbac_v3_RBAC* value) {
_upb_sethas(msg, 1);
*UPB_PTR_AT(msg, UPB_SIZE(12, 24), struct envoy_config_rbac_v3_RBAC*) = value;
}
UPB_INLINE struct envoy_config_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBAC_mutable_rules(envoy_extensions_filters_http_rbac_v3_RBAC *msg, upb_arena *arena) {
struct envoy_config_rbac_v3_RBAC* sub = (struct envoy_config_rbac_v3_RBAC*)envoy_extensions_filters_http_rbac_v3_RBAC_rules(msg);
if (sub == NULL) {
sub = (struct envoy_config_rbac_v3_RBAC*)_upb_msg_new(&envoy_config_rbac_v3_RBAC_msginit, arena);
if (!sub) return NULL;
envoy_extensions_filters_http_rbac_v3_RBAC_set_rules(msg, sub);
}
return sub;
}
UPB_INLINE void envoy_extensions_filters_http_rbac_v3_RBAC_set_shadow_rules(envoy_extensions_filters_http_rbac_v3_RBAC *msg, struct envoy_config_rbac_v3_RBAC* value) {
_upb_sethas(msg, 2);
*UPB_PTR_AT(msg, UPB_SIZE(16, 32), struct envoy_config_rbac_v3_RBAC*) = value;
}
UPB_INLINE struct envoy_config_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBAC_mutable_shadow_rules(envoy_extensions_filters_http_rbac_v3_RBAC *msg, upb_arena *arena) {
struct envoy_config_rbac_v3_RBAC* sub = (struct envoy_config_rbac_v3_RBAC*)envoy_extensions_filters_http_rbac_v3_RBAC_shadow_rules(msg);
if (sub == NULL) {
sub = (struct envoy_config_rbac_v3_RBAC*)_upb_msg_new(&envoy_config_rbac_v3_RBAC_msginit, arena);
if (!sub) return NULL;
envoy_extensions_filters_http_rbac_v3_RBAC_set_shadow_rules(msg, sub);
}
return sub;
}
UPB_INLINE void envoy_extensions_filters_http_rbac_v3_RBAC_set_shadow_rules_stat_prefix(envoy_extensions_filters_http_rbac_v3_RBAC *msg, upb_strview value) {
*UPB_PTR_AT(msg, UPB_SIZE(4, 8), upb_strview) = value;
}
/* envoy.extensions.filters.http.rbac.v3.RBACPerRoute */
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBACPerRoute *envoy_extensions_filters_http_rbac_v3_RBACPerRoute_new(upb_arena *arena) {
return (envoy_extensions_filters_http_rbac_v3_RBACPerRoute *)_upb_msg_new(&envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit, arena);
}
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBACPerRoute *envoy_extensions_filters_http_rbac_v3_RBACPerRoute_parse(const char *buf, size_t size,
upb_arena *arena) {
envoy_extensions_filters_http_rbac_v3_RBACPerRoute *ret = envoy_extensions_filters_http_rbac_v3_RBACPerRoute_new(arena);
if (!ret) return NULL;
if (!upb_decode(buf, size, ret, &envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit, arena)) return NULL;
return ret;
}
UPB_INLINE envoy_extensions_filters_http_rbac_v3_RBACPerRoute *envoy_extensions_filters_http_rbac_v3_RBACPerRoute_parse_ex(const char *buf, size_t size,
const upb_extreg *extreg, int options,
upb_arena *arena) {
envoy_extensions_filters_http_rbac_v3_RBACPerRoute *ret = envoy_extensions_filters_http_rbac_v3_RBACPerRoute_new(arena);
if (!ret) return NULL;
if (!_upb_decode(buf, size, ret, &envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit, extreg, options, arena)) {
return NULL;
}
return ret;
}
UPB_INLINE char *envoy_extensions_filters_http_rbac_v3_RBACPerRoute_serialize(const envoy_extensions_filters_http_rbac_v3_RBACPerRoute *msg, upb_arena *arena, size_t *len) {
return upb_encode(msg, &envoy_extensions_filters_http_rbac_v3_RBACPerRoute_msginit, arena, len);
}
UPB_INLINE bool envoy_extensions_filters_http_rbac_v3_RBACPerRoute_has_rbac(const envoy_extensions_filters_http_rbac_v3_RBACPerRoute *msg) { return _upb_hasbit(msg, 1); }
UPB_INLINE const envoy_extensions_filters_http_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBACPerRoute_rbac(const envoy_extensions_filters_http_rbac_v3_RBACPerRoute *msg) { return *UPB_PTR_AT(msg, UPB_SIZE(4, 8), const envoy_extensions_filters_http_rbac_v3_RBAC*); }
UPB_INLINE void envoy_extensions_filters_http_rbac_v3_RBACPerRoute_set_rbac(envoy_extensions_filters_http_rbac_v3_RBACPerRoute *msg, envoy_extensions_filters_http_rbac_v3_RBAC* value) {
_upb_sethas(msg, 1);
*UPB_PTR_AT(msg, UPB_SIZE(4, 8), envoy_extensions_filters_http_rbac_v3_RBAC*) = value;
}
UPB_INLINE struct envoy_extensions_filters_http_rbac_v3_RBAC* envoy_extensions_filters_http_rbac_v3_RBACPerRoute_mutable_rbac(envoy_extensions_filters_http_rbac_v3_RBACPerRoute *msg, upb_arena *arena) {
struct envoy_extensions_filters_http_rbac_v3_RBAC* sub = (struct envoy_extensions_filters_http_rbac_v3_RBAC*)envoy_extensions_filters_http_rbac_v3_RBACPerRoute_rbac(msg);
if (sub == NULL) {
sub = (struct envoy_extensions_filters_http_rbac_v3_RBAC*)_upb_msg_new(&envoy_extensions_filters_http_rbac_v3_RBAC_msginit, arena);
if (!sub) return NULL;
envoy_extensions_filters_http_rbac_v3_RBACPerRoute_set_rbac(msg, sub);
}
return sub;
}
extern const upb_msglayout_file envoy_extensions_filters_http_rbac_v3_rbac_proto_upb_file_layout;
#ifdef __cplusplus
} /* extern "C" */
#endif
#include "upb/port_undef.inc"
#endif /* ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPB_H_ */

@ -0,0 +1,56 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* envoy/extensions/filters/http/rbac/v3/rbac.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#include "upb/def.h"
#include "envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h"
#include "envoy/extensions/filters/http/rbac/v3/rbac.upb.h"
extern upb_def_init envoy_config_rbac_v3_rbac_proto_upbdefinit;
extern upb_def_init udpa_annotations_status_proto_upbdefinit;
extern upb_def_init udpa_annotations_versioning_proto_upbdefinit;
static const char descriptor[639] = {'\n', '0', 'e', 'n', 'v', 'o', 'y', '/', 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', 's', '/', 'f', 'i', 'l', 't', 'e', 'r',
's', '/', 'h', 't', 't', 'p', '/', 'r', 'b', 'a', 'c', '/', 'v', '3', '/', 'r', 'b', 'a', 'c', '.', 'p', 'r', 'o', 't', 'o',
'\022', '%', 'e', 'n', 'v', 'o', 'y', '.', 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', 's', '.', 'f', 'i', 'l', 't', 'e', 'r',
's', '.', 'h', 't', 't', 'p', '.', 'r', 'b', 'a', 'c', '.', 'v', '3', '\032', '\037', 'e', 'n', 'v', 'o', 'y', '/', 'c', 'o', 'n',
'f', 'i', 'g', '/', 'r', 'b', 'a', 'c', '/', 'v', '3', '/', 'r', 'b', 'a', 'c', '.', 'p', 'r', 'o', 't', 'o', '\032', '\035', 'u',
'd', 'p', 'a', '/', 'a', 'n', 'n', 'o', 't', 'a', 't', 'i', 'o', 'n', 's', '/', 's', 't', 'a', 't', 'u', 's', '.', 'p', 'r',
'o', 't', 'o', '\032', '!', 'u', 'd', 'p', 'a', '/', 'a', 'n', 'n', 'o', 't', 'a', 't', 'i', 'o', 'n', 's', '/', 'v', 'e', 'r',
's', 'i', 'o', 'n', 'i', 'n', 'g', '.', 'p', 'r', 'o', 't', 'o', '\"', '\336', '\001', '\n', '\004', 'R', 'B', 'A', 'C', '\022', '0', '\n',
'\005', 'r', 'u', 'l', 'e', 's', '\030', '\001', ' ', '\001', '(', '\013', '2', '\032', '.', 'e', 'n', 'v', 'o', 'y', '.', 'c', 'o', 'n', 'f',
'i', 'g', '.', 'r', 'b', 'a', 'c', '.', 'v', '3', '.', 'R', 'B', 'A', 'C', 'R', '\005', 'r', 'u', 'l', 'e', 's', '\022', '=', '\n',
'\014', 's', 'h', 'a', 'd', 'o', 'w', '_', 'r', 'u', 'l', 'e', 's', '\030', '\002', ' ', '\001', '(', '\013', '2', '\032', '.', 'e', 'n', 'v',
'o', 'y', '.', 'c', 'o', 'n', 'f', 'i', 'g', '.', 'r', 'b', 'a', 'c', '.', 'v', '3', '.', 'R', 'B', 'A', 'C', 'R', '\013', 's',
'h', 'a', 'd', 'o', 'w', 'R', 'u', 'l', 'e', 's', '\022', '7', '\n', '\030', 's', 'h', 'a', 'd', 'o', 'w', '_', 'r', 'u', 'l', 'e',
's', '_', 's', 't', 'a', 't', '_', 'p', 'r', 'e', 'f', 'i', 'x', '\030', '\003', ' ', '\001', '(', '\t', 'R', '\025', 's', 'h', 'a', 'd',
'o', 'w', 'R', 'u', 'l', 'e', 's', 'S', 't', 'a', 't', 'P', 'r', 'e', 'f', 'i', 'x', ':', ',', '\232', '\305', '\210', '\036', '\'', '\n',
'%', 'e', 'n', 'v', 'o', 'y', '.', 'c', 'o', 'n', 'f', 'i', 'g', '.', 'f', 'i', 'l', 't', 'e', 'r', '.', 'h', 't', 't', 'p',
'.', 'r', 'b', 'a', 'c', '.', 'v', '2', '.', 'R', 'B', 'A', 'C', '\"', '\213', '\001', '\n', '\014', 'R', 'B', 'A', 'C', 'P', 'e', 'r',
'R', 'o', 'u', 't', 'e', '\022', '?', '\n', '\004', 'r', 'b', 'a', 'c', '\030', '\002', ' ', '\001', '(', '\013', '2', '+', '.', 'e', 'n', 'v',
'o', 'y', '.', 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', 's', '.', 'f', 'i', 'l', 't', 'e', 'r', 's', '.', 'h', 't', 't',
'p', '.', 'r', 'b', 'a', 'c', '.', 'v', '3', '.', 'R', 'B', 'A', 'C', 'R', '\004', 'r', 'b', 'a', 'c', ':', '4', '\232', '\305', '\210',
'\036', '/', '\n', '-', 'e', 'n', 'v', 'o', 'y', '.', 'c', 'o', 'n', 'f', 'i', 'g', '.', 'f', 'i', 'l', 't', 'e', 'r', '.', 'h',
't', 't', 'p', '.', 'r', 'b', 'a', 'c', '.', 'v', '2', '.', 'R', 'B', 'A', 'C', 'P', 'e', 'r', 'R', 'o', 'u', 't', 'e', 'J',
'\004', '\010', '\001', '\020', '\002', 'B', 'J', '\n', '3', 'i', 'o', '.', 'e', 'n', 'v', 'o', 'y', 'p', 'r', 'o', 'x', 'y', '.', 'e', 'n',
'v', 'o', 'y', '.', 'e', 'x', 't', 'e', 'n', 's', 'i', 'o', 'n', 's', '.', 'f', 'i', 'l', 't', 'e', 'r', 's', '.', 'h', 't',
't', 'p', '.', 'r', 'b', 'a', 'c', '.', 'v', '3', 'B', '\t', 'R', 'b', 'a', 'c', 'P', 'r', 'o', 't', 'o', 'P', '\001', '\272', '\200',
'\310', '\321', '\006', '\002', '\020', '\002', 'b', '\006', 'p', 'r', 'o', 't', 'o', '3',
};
static upb_def_init *deps[4] = {
&envoy_config_rbac_v3_rbac_proto_upbdefinit,
&udpa_annotations_status_proto_upbdefinit,
&udpa_annotations_versioning_proto_upbdefinit,
NULL
};
upb_def_init envoy_extensions_filters_http_rbac_v3_rbac_proto_upbdefinit = {
deps,
&envoy_extensions_filters_http_rbac_v3_rbac_proto_upb_file_layout,
"envoy/extensions/filters/http/rbac/v3/rbac.proto",
UPB_STRVIEW_INIT(descriptor, 639)
};

@ -0,0 +1,40 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* envoy/extensions/filters/http/rbac/v3/rbac.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#ifndef ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPBDEFS_H_
#define ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPBDEFS_H_
#include "upb/def.h"
#include "upb/port_def.inc"
#ifdef __cplusplus
extern "C" {
#endif
#include "upb/def.h"
#include "upb/port_def.inc"
extern upb_def_init envoy_extensions_filters_http_rbac_v3_rbac_proto_upbdefinit;
UPB_INLINE const upb_msgdef *envoy_extensions_filters_http_rbac_v3_RBAC_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &envoy_extensions_filters_http_rbac_v3_rbac_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "envoy.extensions.filters.http.rbac.v3.RBAC");
}
UPB_INLINE const upb_msgdef *envoy_extensions_filters_http_rbac_v3_RBACPerRoute_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &envoy_extensions_filters_http_rbac_v3_rbac_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "envoy.extensions.filters.http.rbac.v3.RBACPerRoute");
}
#ifdef __cplusplus
} /* extern "C" */
#endif
#include "upb/port_undef.inc"
#endif /* ENVOY_EXTENSIONS_FILTERS_HTTP_RBAC_V3_RBAC_PROTO_UPBDEFS_H_ */

@ -0,0 +1,154 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/checked.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#include "upb/def.h"
#include "google/api/expr/v1alpha1/checked.upbdefs.h"
#include "google/api/expr/v1alpha1/checked.upb.h"
extern upb_def_init google_api_expr_v1alpha1_syntax_proto_upbdefinit;
extern upb_def_init google_protobuf_empty_proto_upbdefinit;
extern upb_def_init google_protobuf_struct_proto_upbdefinit;
static const char descriptor[3089] = {'\n', '&', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a',
'1', '/', 'c', 'h', 'e', 'c', 'k', 'e', 'd', '.', 'p', 'r', 'o', 't', 'o', '\022', '\030', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a',
'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '\032', '%', 'g', 'o', 'o', 'g', 'l', 'e', '/',
'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '/', 's', 'y', 'n', 't', 'a', 'x', '.',
'p', 'r', 'o', 't', 'o', '\032', '\033', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '/', 'e', 'm',
'p', 't', 'y', '.', 'p', 'r', 'o', 't', 'o', '\032', '\034', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'p', 'r', 'o', 't', 'o', 'b', 'u',
'f', '/', 's', 't', 'r', 'u', 'c', 't', '.', 'p', 'r', 'o', 't', 'o', '\"', '\367', '\003', '\n', '\013', 'C', 'h', 'e', 'c', 'k', 'e',
'd', 'E', 'x', 'p', 'r', '\022', '\\', '\n', '\r', 'r', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '_', 'm', 'a', 'p', '\030', '\002', ' ',
'\003', '(', '\013', '2', '7', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a',
'l', 'p', 'h', 'a', '1', '.', 'C', 'h', 'e', 'c', 'k', 'e', 'd', 'E', 'x', 'p', 'r', '.', 'R', 'e', 'f', 'e', 'r', 'e', 'n',
'c', 'e', 'M', 'a', 'p', 'E', 'n', 't', 'r', 'y', 'R', '\014', 'r', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', 'M', 'a', 'p', '\022',
'M', '\n', '\010', 't', 'y', 'p', 'e', '_', 'm', 'a', 'p', '\030', '\003', ' ', '\003', '(', '\013', '2', '2', '.', 'g', 'o', 'o', 'g', 'l',
'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'C', 'h', 'e', 'c', 'k',
'e', 'd', 'E', 'x', 'p', 'r', '.', 'T', 'y', 'p', 'e', 'M', 'a', 'p', 'E', 'n', 't', 'r', 'y', 'R', '\007', 't', 'y', 'p', 'e',
'M', 'a', 'p', '\022', 'E', '\n', '\013', 's', 'o', 'u', 'r', 'c', 'e', '_', 'i', 'n', 'f', 'o', '\030', '\005', ' ', '\001', '(', '\013', '2',
'$', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a',
'1', '.', 'S', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', 'R', '\n', 's', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', '\022',
'2', '\n', '\004', 'e', 'x', 'p', 'r', '\030', '\004', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p',
'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\004', 'e', 'x', 'p',
'r', '\032', 'd', '\n', '\021', 'R', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', 'M', 'a', 'p', 'E', 'n', 't', 'r', 'y', '\022', '\020', '\n',
'\003', 'k', 'e', 'y', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\003', 'k', 'e', 'y', '\022', '9', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030',
'\002', ' ', '\001', '(', '\013', '2', '#', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v',
'1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'R', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', 'R', '\005', 'v', 'a', 'l', 'u', 'e', ':',
'\002', '8', '\001', '\032', 'Z', '\n', '\014', 'T', 'y', 'p', 'e', 'M', 'a', 'p', 'E', 'n', 't', 'r', 'y', '\022', '\020', '\n', '\003', 'k', 'e',
'y', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\003', 'k', 'e', 'y', '\022', '4', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001',
'(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l',
'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\005', 'v', 'a', 'l', 'u', 'e', ':', '\002', '8', '\001', '\"', '\310', '\013', '\n', '\004',
'T', 'y', 'p', 'e', '\022', '*', '\n', '\003', 'd', 'y', 'n', '\030', '\001', ' ', '\001', '(', '\013', '2', '\026', '.', 'g', 'o', 'o', 'g', 'l',
'e', '.', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '.', 'E', 'm', 'p', 't', 'y', 'H', '\000', 'R', '\003', 'd', 'y', 'n', '\022', '0',
'\n', '\004', 'n', 'u', 'l', 'l', '\030', '\002', ' ', '\001', '(', '\016', '2', '\032', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p', 'r', 'o',
't', 'o', 'b', 'u', 'f', '.', 'N', 'u', 'l', 'l', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\004', 'n', 'u', 'l', 'l', '\022', 'L',
'\n', '\t', 'p', 'r', 'i', 'm', 'i', 't', 'i', 'v', 'e', '\030', '\003', ' ', '\001', '(', '\016', '2', ',', '.', 'g', 'o', 'o', 'g', 'l',
'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', '.',
'P', 'r', 'i', 'm', 'i', 't', 'i', 'v', 'e', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\t', 'p', 'r', 'i', 'm', 'i', 't', 'i', 'v',
'e', '\022', 'H', '\n', '\007', 'w', 'r', 'a', 'p', 'p', 'e', 'r', '\030', '\004', ' ', '\001', '(', '\016', '2', ',', '.', 'g', 'o', 'o', 'g',
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e',
'.', 'P', 'r', 'i', 'm', 'i', 't', 'i', 'v', 'e', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\007', 'w', 'r', 'a', 'p', 'p', 'e', 'r',
'\022', 'M', '\n', '\n', 'w', 'e', 'l', 'l', '_', 'k', 'n', 'o', 'w', 'n', '\030', '\005', ' ', '\001', '(', '\016', '2', ',', '.', 'g', 'o',
'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y',
'p', 'e', '.', 'W', 'e', 'l', 'l', 'K', 'n', 'o', 'w', 'n', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\t', 'w', 'e', 'l', 'l', 'K',
'n', 'o', 'w', 'n', '\022', 'F', '\n', '\t', 'l', 'i', 's', 't', '_', 't', 'y', 'p', 'e', '\030', '\006', ' ', '\001', '(', '\013', '2', '\'',
'.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1',
'.', 'T', 'y', 'p', 'e', '.', 'L', 'i', 's', 't', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\010', 'l', 'i', 's', 't', 'T', 'y', 'p',
'e', '\022', 'C', '\n', '\010', 'm', 'a', 'p', '_', 't', 'y', 'p', 'e', '\030', '\007', ' ', '\001', '(', '\013', '2', '&', '.', 'g', 'o', 'o',
'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p',
'e', '.', 'M', 'a', 'p', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\007', 'm', 'a', 'p', 'T', 'y', 'p', 'e', '\022', 'I', '\n', '\010', 'f',
'u', 'n', 'c', 't', 'i', 'o', 'n', '\030', '\010', ' ', '\001', '(', '\013', '2', '+', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p',
'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', '.', 'F', 'u', 'n', 'c',
't', 'i', 'o', 'n', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\010', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\022', '#', '\n', '\014', 'm',
'e', 's', 's', 'a', 'g', 'e', '_', 't', 'y', 'p', 'e', '\030', '\t', ' ', '\001', '(', '\t', 'H', '\000', 'R', '\013', 'm', 'e', 's', 's',
'a', 'g', 'e', 'T', 'y', 'p', 'e', '\022', '\037', '\n', '\n', 't', 'y', 'p', 'e', '_', 'p', 'a', 'r', 'a', 'm', '\030', '\n', ' ', '\001',
'(', '\t', 'H', '\000', 'R', '\t', 't', 'y', 'p', 'e', 'P', 'a', 'r', 'a', 'm', '\022', '4', '\n', '\004', 't', 'y', 'p', 'e', '\030', '\013',
' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1',
'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\004', 't', 'y', 'p', 'e', '\022', '.', '\n', '\005', 'e', 'r',
'r', 'o', 'r', '\030', '\014', ' ', '\001', '(', '\013', '2', '\026', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p', 'r', 'o', 't', 'o', 'b',
'u', 'f', '.', 'E', 'm', 'p', 't', 'y', 'H', '\000', 'R', '\005', 'e', 'r', 'r', 'o', 'r', '\022', 'R', '\n', '\r', 'a', 'b', 's', 't',
'r', 'a', 'c', 't', '_', 't', 'y', 'p', 'e', '\030', '\016', ' ', '\001', '(', '\013', '2', '+', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.',
'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', '.', 'A', 'b',
's', 't', 'r', 'a', 'c', 't', 'T', 'y', 'p', 'e', 'H', '\000', 'R', '\014', 'a', 'b', 's', 't', 'r', 'a', 'c', 't', 'T', 'y', 'p',
'e', '\032', 'G', '\n', '\010', 'L', 'i', 's', 't', 'T', 'y', 'p', 'e', '\022', ';', '\n', '\t', 'e', 'l', 'e', 'm', '_', 't', 'y', 'p',
'e', '\030', '\001', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r',
'.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\010', 'e', 'l', 'e', 'm', 'T', 'y', 'p', 'e', '\032',
'\203', '\001', '\n', '\007', 'M', 'a', 'p', 'T', 'y', 'p', 'e', '\022', '9', '\n', '\010', 'k', 'e', 'y', '_', 't', 'y', 'p', 'e', '\030', '\001',
' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1',
'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\007', 'k', 'e', 'y', 'T', 'y', 'p', 'e', '\022', '=', '\n', '\n', 'v',
'a', 'l', 'u', 'e', '_', 't', 'y', 'p', 'e', '\030', '\002', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.',
'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\t', 'v',
'a', 'l', 'u', 'e', 'T', 'y', 'p', 'e', '\032', '\214', '\001', '\n', '\014', 'F', 'u', 'n', 'c', 't', 'i', 'o', 'n', 'T', 'y', 'p', 'e',
'\022', '?', '\n', '\013', 'r', 'e', 's', 'u', 'l', 't', '_', 't', 'y', 'p', 'e', '\030', '\001', ' ', '\001', '(', '\013', '2', '\036', '.', 'g',
'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T',
'y', 'p', 'e', 'R', '\n', 'r', 'e', 's', 'u', 'l', 't', 'T', 'y', 'p', 'e', '\022', ';', '\n', '\t', 'a', 'r', 'g', '_', 't', 'y',
'p', 'e', 's', '\030', '\002', ' ', '\003', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x',
'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\010', 'a', 'r', 'g', 'T', 'y', 'p', 'e',
's', '\032', 'k', '\n', '\014', 'A', 'b', 's', 't', 'r', 'a', 'c', 't', 'T', 'y', 'p', 'e', '\022', '\022', '\n', '\004', 'n', 'a', 'm', 'e',
'\030', '\001', ' ', '\001', '(', '\t', 'R', '\004', 'n', 'a', 'm', 'e', '\022', 'G', '\n', '\017', 'p', 'a', 'r', 'a', 'm', 'e', 't', 'e', 'r',
'_', 't', 'y', 'p', 'e', 's', '\030', '\002', ' ', '\003', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i',
'.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\016', 'p', 'a', 'r', 'a',
'm', 'e', 't', 'e', 'r', 'T', 'y', 'p', 'e', 's', '\"', 's', '\n', '\r', 'P', 'r', 'i', 'm', 'i', 't', 'i', 'v', 'e', 'T', 'y',
'p', 'e', '\022', '\036', '\n', '\032', 'P', 'R', 'I', 'M', 'I', 'T', 'I', 'V', 'E', '_', 'T', 'Y', 'P', 'E', '_', 'U', 'N', 'S', 'P',
'E', 'C', 'I', 'F', 'I', 'E', 'D', '\020', '\000', '\022', '\010', '\n', '\004', 'B', 'O', 'O', 'L', '\020', '\001', '\022', '\t', '\n', '\005', 'I', 'N',
'T', '6', '4', '\020', '\002', '\022', '\n', '\n', '\006', 'U', 'I', 'N', 'T', '6', '4', '\020', '\003', '\022', '\n', '\n', '\006', 'D', 'O', 'U', 'B',
'L', 'E', '\020', '\004', '\022', '\n', '\n', '\006', 'S', 'T', 'R', 'I', 'N', 'G', '\020', '\005', '\022', '\t', '\n', '\005', 'B', 'Y', 'T', 'E', 'S',
'\020', '\006', '\"', 'V', '\n', '\r', 'W', 'e', 'l', 'l', 'K', 'n', 'o', 'w', 'n', 'T', 'y', 'p', 'e', '\022', '\037', '\n', '\033', 'W', 'E',
'L', 'L', '_', 'K', 'N', 'O', 'W', 'N', '_', 'T', 'Y', 'P', 'E', '_', 'U', 'N', 'S', 'P', 'E', 'C', 'I', 'F', 'I', 'E', 'D',
'\020', '\000', '\022', '\007', '\n', '\003', 'A', 'N', 'Y', '\020', '\001', '\022', '\r', '\n', '\t', 'T', 'I', 'M', 'E', 'S', 'T', 'A', 'M', 'P', '\020',
'\002', '\022', '\014', '\n', '\010', 'D', 'U', 'R', 'A', 'T', 'I', 'O', 'N', '\020', '\003', 'B', '\013', '\n', '\t', 't', 'y', 'p', 'e', '_', 'k',
'i', 'n', 'd', '\"', '\263', '\005', '\n', '\004', 'D', 'e', 'c', 'l', '\022', '\022', '\n', '\004', 'n', 'a', 'm', 'e', '\030', '\001', ' ', '\001', '(',
'\t', 'R', '\004', 'n', 'a', 'm', 'e', '\022', '@', '\n', '\005', 'i', 'd', 'e', 'n', 't', '\030', '\002', ' ', '\001', '(', '\013', '2', '(', '.',
'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.',
'D', 'e', 'c', 'l', '.', 'I', 'd', 'e', 'n', 't', 'D', 'e', 'c', 'l', 'H', '\000', 'R', '\005', 'i', 'd', 'e', 'n', 't', '\022', 'I',
'\n', '\010', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\030', '\003', ' ', '\001', '(', '\013', '2', '+', '.', 'g', 'o', 'o', 'g', 'l', 'e',
'.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'D', 'e', 'c', 'l', '.', 'F',
'u', 'n', 'c', 't', 'i', 'o', 'n', 'D', 'e', 'c', 'l', 'H', '\000', 'R', '\010', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\032', '\213',
'\001', '\n', '\t', 'I', 'd', 'e', 'n', 't', 'D', 'e', 'c', 'l', '\022', '2', '\n', '\004', 't', 'y', 'p', 'e', '\030', '\001', ' ', '\001', '(',
'\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p',
'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\004', 't', 'y', 'p', 'e', '\022', '8', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\002',
' ', '\001', '(', '\013', '2', '\"', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1',
'a', 'l', 'p', 'h', 'a', '1', '.', 'C', 'o', 'n', 's', 't', 'a', 'n', 't', 'R', '\005', 'v', 'a', 'l', 'u', 'e', '\022', '\020', '\n',
'\003', 'd', 'o', 'c', '\030', '\003', ' ', '\001', '(', '\t', 'R', '\003', 'd', 'o', 'c', '\032', '\356', '\002', '\n', '\014', 'F', 'u', 'n', 'c', 't',
'i', 'o', 'n', 'D', 'e', 'c', 'l', '\022', 'R', '\n', '\t', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', 's', '\030', '\001', ' ', '\003', '(',
'\013', '2', '4', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p',
'h', 'a', '1', '.', 'D', 'e', 'c', 'l', '.', 'F', 'u', 'n', 'c', 't', 'i', 'o', 'n', 'D', 'e', 'c', 'l', '.', 'O', 'v', 'e',
'r', 'l', 'o', 'a', 'd', 'R', '\t', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', 's', '\032', '\211', '\002', '\n', '\010', 'O', 'v', 'e', 'r',
'l', 'o', 'a', 'd', '\022', '\037', '\n', '\013', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', '_', 'i', 'd', '\030', '\001', ' ', '\001', '(', '\t',
'R', '\n', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', 'I', 'd', '\022', '6', '\n', '\006', 'p', 'a', 'r', 'a', 'm', 's', '\030', '\002', ' ',
'\003', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a',
'l', 'p', 'h', 'a', '1', '.', 'T', 'y', 'p', 'e', 'R', '\006', 'p', 'a', 'r', 'a', 'm', 's', '\022', '\037', '\n', '\013', 't', 'y', 'p',
'e', '_', 'p', 'a', 'r', 'a', 'm', 's', '\030', '\003', ' ', '\003', '(', '\t', 'R', '\n', 't', 'y', 'p', 'e', 'P', 'a', 'r', 'a', 'm',
's', '\022', '?', '\n', '\013', 'r', 'e', 's', 'u', 'l', 't', '_', 't', 'y', 'p', 'e', '\030', '\004', ' ', '\001', '(', '\013', '2', '\036', '.',
'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.',
'T', 'y', 'p', 'e', 'R', '\n', 'r', 'e', 's', 'u', 'l', 't', 'T', 'y', 'p', 'e', '\022', '0', '\n', '\024', 'i', 's', '_', 'i', 'n',
's', 't', 'a', 'n', 'c', 'e', '_', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\030', '\005', ' ', '\001', '(', '\010', 'R', '\022', 'i', 's',
'I', 'n', 's', 't', 'a', 'n', 'c', 'e', 'F', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\022', '\020', '\n', '\003', 'd', 'o', 'c', '\030', '\006',
' ', '\001', '(', '\t', 'R', '\003', 'd', 'o', 'c', 'B', '\013', '\n', '\t', 'd', 'e', 'c', 'l', '_', 'k', 'i', 'n', 'd', '\"', 'z', '\n',
'\t', 'R', 'e', 'f', 'e', 'r', 'e', 'n', 'c', 'e', '\022', '\022', '\n', '\004', 'n', 'a', 'm', 'e', '\030', '\001', ' ', '\001', '(', '\t', 'R',
'\004', 'n', 'a', 'm', 'e', '\022', '\037', '\n', '\013', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', '_', 'i', 'd', '\030', '\003', ' ', '\003', '(',
'\t', 'R', '\n', 'o', 'v', 'e', 'r', 'l', 'o', 'a', 'd', 'I', 'd', '\022', '8', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\004', ' ',
'\001', '(', '\013', '2', '\"', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a',
'l', 'p', 'h', 'a', '1', '.', 'C', 'o', 'n', 's', 't', 'a', 'n', 't', 'R', '\005', 'v', 'a', 'l', 'u', 'e', 'B', 'l', '\n', '\034',
'c', 'o', 'm', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p',
'h', 'a', '1', 'B', '\t', 'D', 'e', 'c', 'l', 'P', 'r', 'o', 't', 'o', 'P', '\001', 'Z', '<', 'g', 'o', 'o', 'g', 'l', 'e', '.',
'g', 'o', 'l', 'a', 'n', 'g', '.', 'o', 'r', 'g', '/', 'g', 'e', 'n', 'p', 'r', 'o', 't', 'o', '/', 'g', 'o', 'o', 'g', 'l',
'e', 'a', 'p', 'i', 's', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', ';', 'e',
'x', 'p', 'r', '\370', '\001', '\001', 'b', '\006', 'p', 'r', 'o', 't', 'o', '3',
};
static upb_def_init *deps[4] = {
&google_api_expr_v1alpha1_syntax_proto_upbdefinit,
&google_protobuf_empty_proto_upbdefinit,
&google_protobuf_struct_proto_upbdefinit,
NULL
};
upb_def_init google_api_expr_v1alpha1_checked_proto_upbdefinit = {
deps,
&google_api_expr_v1alpha1_checked_proto_upb_file_layout,
"google/api/expr/v1alpha1/checked.proto",
UPB_STRVIEW_INIT(descriptor, 3089)
};

@ -0,0 +1,95 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/checked.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#ifndef GOOGLE_API_EXPR_V1ALPHA1_CHECKED_PROTO_UPBDEFS_H_
#define GOOGLE_API_EXPR_V1ALPHA1_CHECKED_PROTO_UPBDEFS_H_
#include "upb/def.h"
#include "upb/port_def.inc"
#ifdef __cplusplus
extern "C" {
#endif
#include "upb/def.h"
#include "upb/port_def.inc"
extern upb_def_init google_api_expr_v1alpha1_checked_proto_upbdefinit;
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_CheckedExpr_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.CheckedExpr");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_CheckedExpr_ReferenceMapEntry_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.CheckedExpr.ReferenceMapEntry");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_CheckedExpr_TypeMapEntry_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.CheckedExpr.TypeMapEntry");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Type_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Type");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Type_ListType_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Type.ListType");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Type_MapType_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Type.MapType");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Type_FunctionType_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Type.FunctionType");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Type_AbstractType_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Type.AbstractType");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Decl_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Decl");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Decl_IdentDecl_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Decl.IdentDecl");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Decl_FunctionDecl_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Decl.FunctionDecl");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Decl_FunctionDecl_Overload_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Decl.FunctionDecl.Overload");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Reference_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_checked_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Reference");
}
#ifdef __cplusplus
} /* extern "C" */
#endif
#include "upb/port_undef.inc"
#endif /* GOOGLE_API_EXPR_V1ALPHA1_CHECKED_PROTO_UPBDEFS_H_ */

@ -0,0 +1,58 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/eval.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#include "upb/def.h"
#include "google/api/expr/v1alpha1/eval.upbdefs.h"
#include "google/api/expr/v1alpha1/eval.upb.h"
extern upb_def_init google_api_expr_v1alpha1_value_proto_upbdefinit;
extern upb_def_init google_rpc_status_proto_upbdefinit;
static const char descriptor[738] = {'\n', '#', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a',
'1', '/', 'e', 'v', 'a', 'l', '.', 'p', 'r', 'o', 't', 'o', '\022', '\030', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.',
'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '\032', '$', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i',
'/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '/', 'v', 'a', 'l', 'u', 'e', '.', 'p', 'r', 'o', 't',
'o', '\032', '\027', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'r', 'p', 'c', '/', 's', 't', 'a', 't', 'u', 's', '.', 'p', 'r', 'o', 't',
'o', '\"', '\302', '\001', '\n', '\t', 'E', 'v', 'a', 'l', 'S', 't', 'a', 't', 'e', '\022', ';', '\n', '\006', 'v', 'a', 'l', 'u', 'e', 's',
'\030', '\001', ' ', '\003', '(', '\013', '2', '#', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.',
'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'V', 'a', 'l', 'u', 'e', 'R', '\006', 'v', 'a', 'l', 'u', 'e',
's', '\022', 'D', '\n', '\007', 'r', 'e', 's', 'u', 'l', 't', 's', '\030', '\003', ' ', '\003', '(', '\013', '2', '*', '.', 'g', 'o', 'o', 'g',
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'v', 'a', 'l',
'S', 't', 'a', 't', 'e', '.', 'R', 'e', 's', 'u', 'l', 't', 'R', '\007', 'r', 'e', 's', 'u', 'l', 't', 's', '\032', '2', '\n', '\006',
'R', 'e', 's', 'u', 'l', 't', '\022', '\022', '\n', '\004', 'e', 'x', 'p', 'r', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\004', 'e', 'x', 'p',
'r', '\022', '\024', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\003', 'R', '\005', 'v', 'a', 'l', 'u', 'e', '\"', '\312',
'\001', '\n', '\t', 'E', 'x', 'p', 'r', 'V', 'a', 'l', 'u', 'e', '\022', '7', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\001', ' ', '\001',
'(', '\013', '2', '\037', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l',
'p', 'h', 'a', '1', '.', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\005', 'v', 'a', 'l', 'u', 'e', '\022', ':', '\n', '\005', 'e', 'r',
'r', 'o', 'r', '\030', '\002', ' ', '\001', '(', '\013', '2', '\"', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x',
'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'r', 'r', 'o', 'r', 'S', 'e', 't', 'H', '\000', 'R', '\005', 'e',
'r', 'r', 'o', 'r', '\022', '@', '\n', '\007', 'u', 'n', 'k', 'n', 'o', 'w', 'n', '\030', '\003', ' ', '\001', '(', '\013', '2', '$', '.', 'g',
'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'U',
'n', 'k', 'n', 'o', 'w', 'n', 'S', 'e', 't', 'H', '\000', 'R', '\007', 'u', 'n', 'k', 'n', 'o', 'w', 'n', 'B', '\006', '\n', '\004', 'k',
'i', 'n', 'd', '\"', '6', '\n', '\010', 'E', 'r', 'r', 'o', 'r', 'S', 'e', 't', '\022', '*', '\n', '\006', 'e', 'r', 'r', 'o', 'r', 's',
'\030', '\001', ' ', '\003', '(', '\013', '2', '\022', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'r', 'p', 'c', '.', 'S', 't', 'a', 't', 'u',
's', 'R', '\006', 'e', 'r', 'r', 'o', 'r', 's', '\"', '\"', '\n', '\n', 'U', 'n', 'k', 'n', 'o', 'w', 'n', 'S', 'e', 't', '\022', '\024',
'\n', '\005', 'e', 'x', 'p', 'r', 's', '\030', '\001', ' ', '\003', '(', '\003', 'R', '\005', 'e', 'x', 'p', 'r', 's', 'B', 'l', '\n', '\034', 'c',
'o', 'm', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h',
'a', '1', 'B', '\t', 'E', 'v', 'a', 'l', 'P', 'r', 'o', 't', 'o', 'P', '\001', 'Z', '<', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'g',
'o', 'l', 'a', 'n', 'g', '.', 'o', 'r', 'g', '/', 'g', 'e', 'n', 'p', 'r', 'o', 't', 'o', '/', 'g', 'o', 'o', 'g', 'l', 'e',
'a', 'p', 'i', 's', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', ';', 'e', 'x',
'p', 'r', '\370', '\001', '\001', 'b', '\006', 'p', 'r', 'o', 't', 'o', '3',
};
static upb_def_init *deps[3] = {
&google_api_expr_v1alpha1_value_proto_upbdefinit,
&google_rpc_status_proto_upbdefinit,
NULL
};
upb_def_init google_api_expr_v1alpha1_eval_proto_upbdefinit = {
deps,
&google_api_expr_v1alpha1_eval_proto_upb_file_layout,
"google/api/expr/v1alpha1/eval.proto",
UPB_STRVIEW_INIT(descriptor, 738)
};

@ -0,0 +1,55 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/eval.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#ifndef GOOGLE_API_EXPR_V1ALPHA1_EVAL_PROTO_UPBDEFS_H_
#define GOOGLE_API_EXPR_V1ALPHA1_EVAL_PROTO_UPBDEFS_H_
#include "upb/def.h"
#include "upb/port_def.inc"
#ifdef __cplusplus
extern "C" {
#endif
#include "upb/def.h"
#include "upb/port_def.inc"
extern upb_def_init google_api_expr_v1alpha1_eval_proto_upbdefinit;
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_EvalState_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_eval_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.EvalState");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_EvalState_Result_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_eval_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.EvalState.Result");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_ExprValue_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_eval_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.ExprValue");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_ErrorSet_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_eval_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.ErrorSet");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_UnknownSet_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_eval_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.UnknownSet");
}
#ifdef __cplusplus
} /* extern "C" */
#endif
#include "upb/port_undef.inc"
#endif /* GOOGLE_API_EXPR_V1ALPHA1_EVAL_PROTO_UPBDEFS_H_ */

@ -0,0 +1,44 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/explain.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#include "upb/def.h"
#include "google/api/expr/v1alpha1/explain.upbdefs.h"
#include "google/api/expr/v1alpha1/explain.upb.h"
extern upb_def_init google_api_expr_v1alpha1_value_proto_upbdefinit;
static const char descriptor[434] = {'\n', '&', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a',
'1', '/', 'e', 'x', 'p', 'l', 'a', 'i', 'n', '.', 'p', 'r', 'o', 't', 'o', '\022', '\030', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a',
'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '\032', '$', 'g', 'o', 'o', 'g', 'l', 'e', '/',
'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '/', 'v', 'a', 'l', 'u', 'e', '.', 'p',
'r', 'o', 't', 'o', '\"', '\316', '\001', '\n', '\007', 'E', 'x', 'p', 'l', 'a', 'i', 'n', '\022', '7', '\n', '\006', 'v', 'a', 'l', 'u', 'e',
's', '\030', '\001', ' ', '\003', '(', '\013', '2', '\037', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r',
'.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'V', 'a', 'l', 'u', 'e', 'R', '\006', 'v', 'a', 'l', 'u', 'e', 's', '\022', 'I',
'\n', '\n', 'e', 'x', 'p', 'r', '_', 's', 't', 'e', 'p', 's', '\030', '\002', ' ', '\003', '(', '\013', '2', '*', '.', 'g', 'o', 'o', 'g',
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'l',
'a', 'i', 'n', '.', 'E', 'x', 'p', 'r', 'S', 't', 'e', 'p', 'R', '\t', 'e', 'x', 'p', 'r', 'S', 't', 'e', 'p', 's', '\032', ';',
'\n', '\010', 'E', 'x', 'p', 'r', 'S', 't', 'e', 'p', '\022', '\016', '\n', '\002', 'i', 'd', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\002', 'i',
'd', '\022', '\037', '\n', '\013', 'v', 'a', 'l', 'u', 'e', '_', 'i', 'n', 'd', 'e', 'x', '\030', '\002', ' ', '\001', '(', '\005', 'R', '\n', 'v',
'a', 'l', 'u', 'e', 'I', 'n', 'd', 'e', 'x', ':', '\002', '\030', '\001', 'B', 'o', '\n', '\034', 'c', 'o', 'm', '.', 'g', 'o', 'o', 'g',
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', 'B', '\014', 'E', 'x', 'p',
'l', 'a', 'i', 'n', 'P', 'r', 'o', 't', 'o', 'P', '\001', 'Z', '<', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'g', 'o', 'l', 'a', 'n',
'g', '.', 'o', 'r', 'g', '/', 'g', 'e', 'n', 'p', 'r', 'o', 't', 'o', '/', 'g', 'o', 'o', 'g', 'l', 'e', 'a', 'p', 'i', 's',
'/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', ';', 'e', 'x', 'p', 'r', '\370', '\001',
'\001', 'b', '\006', 'p', 'r', 'o', 't', 'o', '3',
};
static upb_def_init *deps[2] = {
&google_api_expr_v1alpha1_value_proto_upbdefinit,
NULL
};
upb_def_init google_api_expr_v1alpha1_explain_proto_upbdefinit = {
deps,
&google_api_expr_v1alpha1_explain_proto_upb_file_layout,
"google/api/expr/v1alpha1/explain.proto",
UPB_STRVIEW_INIT(descriptor, 434)
};

@ -0,0 +1,40 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/explain.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#ifndef GOOGLE_API_EXPR_V1ALPHA1_EXPLAIN_PROTO_UPBDEFS_H_
#define GOOGLE_API_EXPR_V1ALPHA1_EXPLAIN_PROTO_UPBDEFS_H_
#include "upb/def.h"
#include "upb/port_def.inc"
#ifdef __cplusplus
extern "C" {
#endif
#include "upb/def.h"
#include "upb/port_def.inc"
extern upb_def_init google_api_expr_v1alpha1_explain_proto_upbdefinit;
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Explain_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_explain_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Explain");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Explain_ExprStep_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_explain_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Explain.ExprStep");
}
#ifdef __cplusplus
} /* extern "C" */
#endif
#include "upb/port_undef.inc"
#endif /* GOOGLE_API_EXPR_V1ALPHA1_EXPLAIN_PROTO_UPBDEFS_H_ */

@ -0,0 +1,153 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/syntax.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#include "upb/def.h"
#include "google/api/expr/v1alpha1/syntax.upbdefs.h"
#include "google/api/expr/v1alpha1/syntax.upb.h"
extern upb_def_init google_protobuf_duration_proto_upbdefinit;
extern upb_def_init google_protobuf_struct_proto_upbdefinit;
extern upb_def_init google_protobuf_timestamp_proto_upbdefinit;
static const char descriptor[3059] = {'\n', '%', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a',
'1', '/', 's', 'y', 'n', 't', 'a', 'x', '.', 'p', 'r', 'o', 't', 'o', '\022', '\030', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p',
'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '\032', '\036', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'p',
'r', 'o', 't', 'o', 'b', 'u', 'f', '/', 'd', 'u', 'r', 'a', 't', 'i', 'o', 'n', '.', 'p', 'r', 'o', 't', 'o', '\032', '\034', 'g',
'o', 'o', 'g', 'l', 'e', '/', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '/', 's', 't', 'r', 'u', 'c', 't', '.', 'p', 'r', 'o',
't', 'o', '\032', '\037', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '/', 't', 'i', 'm', 'e', 's',
't', 'a', 'm', 'p', '.', 'p', 'r', 'o', 't', 'o', '\"', '\207', '\001', '\n', '\n', 'P', 'a', 'r', 's', 'e', 'd', 'E', 'x', 'p', 'r',
'\022', '2', '\n', '\004', 'e', 'x', 'p', 'r', '\030', '\002', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a',
'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\004', 'e', 'x',
'p', 'r', '\022', 'E', '\n', '\013', 's', 'o', 'u', 'r', 'c', 'e', '_', 'i', 'n', 'f', 'o', '\030', '\003', ' ', '\001', '(', '\013', '2', '$',
'.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1',
'.', 'S', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', 'R', '\n', 's', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', '\"', '\334',
'\014', '\n', '\004', 'E', 'x', 'p', 'r', '\022', '\016', '\n', '\002', 'i', 'd', '\030', '\002', ' ', '\001', '(', '\003', 'R', '\002', 'i', 'd', '\022', 'C',
'\n', '\n', 'c', 'o', 'n', 's', 't', '_', 'e', 'x', 'p', 'r', '\030', '\003', ' ', '\001', '(', '\013', '2', '\"', '.', 'g', 'o', 'o', 'g',
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'C', 'o', 'n', 's',
't', 'a', 'n', 't', 'H', '\000', 'R', '\t', 'c', 'o', 'n', 's', 't', 'E', 'x', 'p', 'r', '\022', 'E', '\n', '\n', 'i', 'd', 'e', 'n',
't', '_', 'e', 'x', 'p', 'r', '\030', '\004', ' ', '\001', '(', '\013', '2', '$', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i',
'.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'I', 'd', 'e', 'n', 't',
'H', '\000', 'R', '\t', 'i', 'd', 'e', 'n', 't', 'E', 'x', 'p', 'r', '\022', 'H', '\n', '\013', 's', 'e', 'l', 'e', 'c', 't', '_', 'e',
'x', 'p', 'r', '\030', '\005', ' ', '\001', '(', '\013', '2', '%', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x',
'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'S', 'e', 'l', 'e', 'c', 't', 'H', '\000',
'R', '\n', 's', 'e', 'l', 'e', 'c', 't', 'E', 'x', 'p', 'r', '\022', 'B', '\n', '\t', 'c', 'a', 'l', 'l', '_', 'e', 'x', 'p', 'r',
'\030', '\006', ' ', '\001', '(', '\013', '2', '#', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.',
'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'C', 'a', 'l', 'l', 'H', '\000', 'R', '\010', 'c', 'a', 'l',
'l', 'E', 'x', 'p', 'r', '\022', 'H', '\n', '\t', 'l', 'i', 's', 't', '_', 'e', 'x', 'p', 'r', '\030', '\007', ' ', '\001', '(', '\013', '2',
')', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a',
'1', '.', 'E', 'x', 'p', 'r', '.', 'C', 'r', 'e', 'a', 't', 'e', 'L', 'i', 's', 't', 'H', '\000', 'R', '\010', 'l', 'i', 's', 't',
'E', 'x', 'p', 'r', '\022', 'N', '\n', '\013', 's', 't', 'r', 'u', 'c', 't', '_', 'e', 'x', 'p', 'r', '\030', '\010', ' ', '\001', '(', '\013',
'2', '+', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h',
'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'C', 'r', 'e', 'a', 't', 'e', 'S', 't', 'r', 'u', 'c', 't', 'H', '\000', 'R', '\n', 's',
't', 'r', 'u', 'c', 't', 'E', 'x', 'p', 'r', '\022', ']', '\n', '\022', 'c', 'o', 'm', 'p', 'r', 'e', 'h', 'e', 'n', 's', 'i', 'o',
'n', '_', 'e', 'x', 'p', 'r', '\030', '\t', ' ', '\001', '(', '\013', '2', ',', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i',
'.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'C', 'o', 'm', 'p', 'r',
'e', 'h', 'e', 'n', 's', 'i', 'o', 'n', 'H', '\000', 'R', '\021', 'c', 'o', 'm', 'p', 'r', 'e', 'h', 'e', 'n', 's', 'i', 'o', 'n',
'E', 'x', 'p', 'r', '\032', '\033', '\n', '\005', 'I', 'd', 'e', 'n', 't', '\022', '\022', '\n', '\004', 'n', 'a', 'm', 'e', '\030', '\001', ' ', '\001',
'(', '\t', 'R', '\004', 'n', 'a', 'm', 'e', '\032', 'u', '\n', '\006', 'S', 'e', 'l', 'e', 'c', 't', '\022', '8', '\n', '\007', 'o', 'p', 'e',
'r', 'a', 'n', 'd', '\030', '\001', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e',
'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\007', 'o', 'p', 'e', 'r', 'a', 'n',
'd', '\022', '\024', '\n', '\005', 'f', 'i', 'e', 'l', 'd', '\030', '\002', ' ', '\001', '(', '\t', 'R', '\005', 'f', 'i', 'e', 'l', 'd', '\022', '\033',
'\n', '\t', 't', 'e', 's', 't', '_', 'o', 'n', 'l', 'y', '\030', '\003', ' ', '\001', '(', '\010', 'R', '\010', 't', 'e', 's', 't', 'O', 'n',
'l', 'y', '\032', '\216', '\001', '\n', '\004', 'C', 'a', 'l', 'l', '\022', '6', '\n', '\006', 't', 'a', 'r', 'g', 'e', 't', '\030', '\001', ' ', '\001',
'(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l',
'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\006', 't', 'a', 'r', 'g', 'e', 't', '\022', '\032', '\n', '\010', 'f', 'u', 'n', 'c',
't', 'i', 'o', 'n', '\030', '\002', ' ', '\001', '(', '\t', 'R', '\010', 'f', 'u', 'n', 'c', 't', 'i', 'o', 'n', '\022', '2', '\n', '\004', 'a',
'r', 'g', 's', '\030', '\003', ' ', '\003', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x',
'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\004', 'a', 'r', 'g', 's', '\032', 'H', '\n',
'\n', 'C', 'r', 'e', 'a', 't', 'e', 'L', 'i', 's', 't', '\022', ':', '\n', '\010', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '\030', '\001',
' ', '\003', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1',
'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\010', 'e', 'l', 'e', 'm', 'e', 'n', 't', 's', '\032', '\264', '\002', '\n',
'\014', 'C', 'r', 'e', 'a', 't', 'e', 'S', 't', 'r', 'u', 'c', 't', '\022', '!', '\n', '\014', 'm', 'e', 's', 's', 'a', 'g', 'e', '_',
'n', 'a', 'm', 'e', '\030', '\001', ' ', '\001', '(', '\t', 'R', '\013', 'm', 'e', 's', 's', 'a', 'g', 'e', 'N', 'a', 'm', 'e', '\022', 'K',
'\n', '\007', 'e', 'n', 't', 'r', 'i', 'e', 's', '\030', '\002', ' ', '\003', '(', '\013', '2', '1', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.',
'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', '.', 'C', 'r',
'e', 'a', 't', 'e', 'S', 't', 'r', 'u', 'c', 't', '.', 'E', 'n', 't', 'r', 'y', 'R', '\007', 'e', 'n', 't', 'r', 'i', 'e', 's',
'\032', '\263', '\001', '\n', '\005', 'E', 'n', 't', 'r', 'y', '\022', '\016', '\n', '\002', 'i', 'd', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\002', 'i',
'd', '\022', '\035', '\n', '\t', 'f', 'i', 'e', 'l', 'd', '_', 'k', 'e', 'y', '\030', '\002', ' ', '\001', '(', '\t', 'H', '\000', 'R', '\010', 'f',
'i', 'e', 'l', 'd', 'K', 'e', 'y', '\022', '9', '\n', '\007', 'm', 'a', 'p', '_', 'k', 'e', 'y', '\030', '\003', ' ', '\001', '(', '\013', '2',
'\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a',
'1', '.', 'E', 'x', 'p', 'r', 'H', '\000', 'R', '\006', 'm', 'a', 'p', 'K', 'e', 'y', '\022', '4', '\n', '\005', 'v', 'a', 'l', 'u', 'e',
'\030', '\004', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.',
'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\005', 'v', 'a', 'l', 'u', 'e', 'B', '\n', '\n', '\010', 'k',
'e', 'y', '_', 'k', 'i', 'n', 'd', '\032', '\375', '\002', '\n', '\r', 'C', 'o', 'm', 'p', 'r', 'e', 'h', 'e', 'n', 's', 'i', 'o', 'n',
'\022', '\031', '\n', '\010', 'i', 't', 'e', 'r', '_', 'v', 'a', 'r', '\030', '\001', ' ', '\001', '(', '\t', 'R', '\007', 'i', 't', 'e', 'r', 'V',
'a', 'r', '\022', '=', '\n', '\n', 'i', 't', 'e', 'r', '_', 'r', 'a', 'n', 'g', 'e', '\030', '\002', ' ', '\001', '(', '\013', '2', '\036', '.',
'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.',
'E', 'x', 'p', 'r', 'R', '\t', 'i', 't', 'e', 'r', 'R', 'a', 'n', 'g', 'e', '\022', '\031', '\n', '\010', 'a', 'c', 'c', 'u', '_', 'v',
'a', 'r', '\030', '\003', ' ', '\001', '(', '\t', 'R', '\007', 'a', 'c', 'c', 'u', 'V', 'a', 'r', '\022', ';', '\n', '\t', 'a', 'c', 'c', 'u',
'_', 'i', 'n', 'i', 't', '\030', '\004', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.',
'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\010', 'a', 'c', 'c', 'u', 'I',
'n', 'i', 't', '\022', 'E', '\n', '\016', 'l', 'o', 'o', 'p', '_', 'c', 'o', 'n', 'd', 'i', 't', 'i', 'o', 'n', '\030', '\005', ' ', '\001',
'(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l',
'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\r', 'l', 'o', 'o', 'p', 'C', 'o', 'n', 'd', 'i', 't', 'i', 'o', 'n', '\022',
';', '\n', '\t', 'l', 'o', 'o', 'p', '_', 's', 't', 'e', 'p', '\030', '\006', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g',
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r',
'R', '\010', 'l', 'o', 'o', 'p', 'S', 't', 'e', 'p', '\022', '6', '\n', '\006', 'r', 'e', 's', 'u', 'l', 't', '\030', '\007', ' ', '\001', '(',
'\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p',
'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\006', 'r', 'e', 's', 'u', 'l', 't', 'B', '\013', '\n', '\t', 'e', 'x', 'p', 'r', '_',
'k', 'i', 'n', 'd', '\"', '\301', '\003', '\n', '\010', 'C', 'o', 'n', 's', 't', 'a', 'n', 't', '\022', ';', '\n', '\n', 'n', 'u', 'l', 'l',
'_', 'v', 'a', 'l', 'u', 'e', '\030', '\001', ' ', '\001', '(', '\016', '2', '\032', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p', 'r', 'o',
't', 'o', 'b', 'u', 'f', '.', 'N', 'u', 'l', 'l', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\t', 'n', 'u', 'l', 'l', 'V', 'a',
'l', 'u', 'e', '\022', '\037', '\n', '\n', 'b', 'o', 'o', 'l', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\010', 'H', '\000',
'R', '\t', 'b', 'o', 'o', 'l', 'V', 'a', 'l', 'u', 'e', '\022', '!', '\n', '\013', 'i', 'n', 't', '6', '4', '_', 'v', 'a', 'l', 'u',
'e', '\030', '\003', ' ', '\001', '(', '\003', 'H', '\000', 'R', '\n', 'i', 'n', 't', '6', '4', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n', '\014',
'u', 'i', 'n', 't', '6', '4', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\004', ' ', '\001', '(', '\004', 'H', '\000', 'R', '\013', 'u', 'i', 'n',
't', '6', '4', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n', '\014', 'd', 'o', 'u', 'b', 'l', 'e', '_', 'v', 'a', 'l', 'u', 'e', '\030',
'\005', ' ', '\001', '(', '\001', 'H', '\000', 'R', '\013', 'd', 'o', 'u', 'b', 'l', 'e', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n', '\014', 's',
't', 'r', 'i', 'n', 'g', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\006', ' ', '\001', '(', '\t', 'H', '\000', 'R', '\013', 's', 't', 'r', 'i',
'n', 'g', 'V', 'a', 'l', 'u', 'e', '\022', '!', '\n', '\013', 'b', 'y', 't', 'e', 's', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\007', ' ',
'\001', '(', '\014', 'H', '\000', 'R', '\n', 'b', 'y', 't', 'e', 's', 'V', 'a', 'l', 'u', 'e', '\022', 'F', '\n', '\016', 'd', 'u', 'r', 'a',
't', 'i', 'o', 'n', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\010', ' ', '\001', '(', '\013', '2', '\031', '.', 'g', 'o', 'o', 'g', 'l', 'e',
'.', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '.', 'D', 'u', 'r', 'a', 't', 'i', 'o', 'n', 'B', '\002', '\030', '\001', 'H', '\000', 'R',
'\r', 'd', 'u', 'r', 'a', 't', 'i', 'o', 'n', 'V', 'a', 'l', 'u', 'e', '\022', 'I', '\n', '\017', 't', 'i', 'm', 'e', 's', 't', 'a',
'm', 'p', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\t', ' ', '\001', '(', '\013', '2', '\032', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p',
'r', 'o', 't', 'o', 'b', 'u', 'f', '.', 'T', 'i', 'm', 'e', 's', 't', 'a', 'm', 'p', 'B', '\002', '\030', '\001', 'H', '\000', 'R', '\016',
't', 'i', 'm', 'e', 's', 't', 'a', 'm', 'p', 'V', 'a', 'l', 'u', 'e', 'B', '\017', '\n', '\r', 'c', 'o', 'n', 's', 't', 'a', 'n',
't', '_', 'k', 'i', 'n', 'd', '\"', '\271', '\003', '\n', '\n', 'S', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', '\022', '%', '\n', '\016',
's', 'y', 'n', 't', 'a', 'x', '_', 'v', 'e', 'r', 's', 'i', 'o', 'n', '\030', '\001', ' ', '\001', '(', '\t', 'R', '\r', 's', 'y', 'n',
't', 'a', 'x', 'V', 'e', 'r', 's', 'i', 'o', 'n', '\022', '\032', '\n', '\010', 'l', 'o', 'c', 'a', 't', 'i', 'o', 'n', '\030', '\002', ' ',
'\001', '(', '\t', 'R', '\010', 'l', 'o', 'c', 'a', 't', 'i', 'o', 'n', '\022', '!', '\n', '\014', 'l', 'i', 'n', 'e', '_', 'o', 'f', 'f',
's', 'e', 't', 's', '\030', '\003', ' ', '\003', '(', '\005', 'R', '\013', 'l', 'i', 'n', 'e', 'O', 'f', 'f', 's', 'e', 't', 's', '\022', 'Q',
'\n', '\t', 'p', 'o', 's', 'i', 't', 'i', 'o', 'n', 's', '\030', '\004', ' ', '\003', '(', '\013', '2', '3', '.', 'g', 'o', 'o', 'g', 'l',
'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'S', 'o', 'u', 'r', 'c',
'e', 'I', 'n', 'f', 'o', '.', 'P', 'o', 's', 'i', 't', 'i', 'o', 'n', 's', 'E', 'n', 't', 'r', 'y', 'R', '\t', 'p', 'o', 's',
'i', 't', 'i', 'o', 'n', 's', '\022', 'U', '\n', '\013', 'm', 'a', 'c', 'r', 'o', '_', 'c', 'a', 'l', 'l', 's', '\030', '\005', ' ', '\003',
'(', '\013', '2', '4', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l',
'p', 'h', 'a', '1', '.', 'S', 'o', 'u', 'r', 'c', 'e', 'I', 'n', 'f', 'o', '.', 'M', 'a', 'c', 'r', 'o', 'C', 'a', 'l', 'l',
's', 'E', 'n', 't', 'r', 'y', 'R', '\n', 'm', 'a', 'c', 'r', 'o', 'C', 'a', 'l', 'l', 's', '\032', '<', '\n', '\016', 'P', 'o', 's',
'i', 't', 'i', 'o', 'n', 's', 'E', 'n', 't', 'r', 'y', '\022', '\020', '\n', '\003', 'k', 'e', 'y', '\030', '\001', ' ', '\001', '(', '\003', 'R',
'\003', 'k', 'e', 'y', '\022', '\024', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\005', 'R', '\005', 'v', 'a', 'l', 'u',
'e', ':', '\002', '8', '\001', '\032', ']', '\n', '\017', 'M', 'a', 'c', 'r', 'o', 'C', 'a', 'l', 'l', 's', 'E', 'n', 't', 'r', 'y', '\022',
'\020', '\n', '\003', 'k', 'e', 'y', '\030', '\001', ' ', '\001', '(', '\003', 'R', '\003', 'k', 'e', 'y', '\022', '4', '\n', '\005', 'v', 'a', 'l', 'u',
'e', '\030', '\002', ' ', '\001', '(', '\013', '2', '\036', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r',
'.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'E', 'x', 'p', 'r', 'R', '\005', 'v', 'a', 'l', 'u', 'e', ':', '\002', '8', '\001',
'\"', 'p', '\n', '\016', 'S', 'o', 'u', 'r', 'c', 'e', 'P', 'o', 's', 'i', 't', 'i', 'o', 'n', '\022', '\032', '\n', '\010', 'l', 'o', 'c',
'a', 't', 'i', 'o', 'n', '\030', '\001', ' ', '\001', '(', '\t', 'R', '\010', 'l', 'o', 'c', 'a', 't', 'i', 'o', 'n', '\022', '\026', '\n', '\006',
'o', 'f', 'f', 's', 'e', 't', '\030', '\002', ' ', '\001', '(', '\005', 'R', '\006', 'o', 'f', 'f', 's', 'e', 't', '\022', '\022', '\n', '\004', 'l',
'i', 'n', 'e', '\030', '\003', ' ', '\001', '(', '\005', 'R', '\004', 'l', 'i', 'n', 'e', '\022', '\026', '\n', '\006', 'c', 'o', 'l', 'u', 'm', 'n',
'\030', '\004', ' ', '\001', '(', '\005', 'R', '\006', 'c', 'o', 'l', 'u', 'm', 'n', 'B', 'n', '\n', '\034', 'c', 'o', 'm', '.', 'g', 'o', 'o',
'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', 'B', '\013', 'S', 'y',
'n', 't', 'a', 'x', 'P', 'r', 'o', 't', 'o', 'P', '\001', 'Z', '<', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'g', 'o', 'l', 'a', 'n',
'g', '.', 'o', 'r', 'g', '/', 'g', 'e', 'n', 'p', 'r', 'o', 't', 'o', '/', 'g', 'o', 'o', 'g', 'l', 'e', 'a', 'p', 'i', 's',
'/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', ';', 'e', 'x', 'p', 'r', '\370', '\001',
'\001', 'b', '\006', 'p', 'r', 'o', 't', 'o', '3',
};
static upb_def_init *deps[4] = {
&google_protobuf_duration_proto_upbdefinit,
&google_protobuf_struct_proto_upbdefinit,
&google_protobuf_timestamp_proto_upbdefinit,
NULL
};
upb_def_init google_api_expr_v1alpha1_syntax_proto_upbdefinit = {
deps,
&google_api_expr_v1alpha1_syntax_proto_upb_file_layout,
"google/api/expr/v1alpha1/syntax.proto",
UPB_STRVIEW_INIT(descriptor, 3059)
};

@ -0,0 +1,100 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/syntax.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#ifndef GOOGLE_API_EXPR_V1ALPHA1_SYNTAX_PROTO_UPBDEFS_H_
#define GOOGLE_API_EXPR_V1ALPHA1_SYNTAX_PROTO_UPBDEFS_H_
#include "upb/def.h"
#include "upb/port_def.inc"
#ifdef __cplusplus
extern "C" {
#endif
#include "upb/def.h"
#include "upb/port_def.inc"
extern upb_def_init google_api_expr_v1alpha1_syntax_proto_upbdefinit;
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_ParsedExpr_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.ParsedExpr");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_Ident_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.Ident");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_Select_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.Select");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_Call_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.Call");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_CreateList_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.CreateList");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_CreateStruct_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.CreateStruct");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_CreateStruct_Entry_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.CreateStruct.Entry");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Expr_Comprehension_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Expr.Comprehension");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Constant_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Constant");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_SourceInfo_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.SourceInfo");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_SourceInfo_PositionsEntry_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.SourceInfo.PositionsEntry");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_SourceInfo_MacroCallsEntry_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.SourceInfo.MacroCallsEntry");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_SourcePosition_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_syntax_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.SourcePosition");
}
#ifdef __cplusplus
} /* extern "C" */
#endif
#include "upb/port_undef.inc"
#endif /* GOOGLE_API_EXPR_V1ALPHA1_SYNTAX_PROTO_UPBDEFS_H_ */

@ -0,0 +1,75 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/value.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#include "upb/def.h"
#include "google/api/expr/v1alpha1/value.upbdefs.h"
#include "google/api/expr/v1alpha1/value.upb.h"
extern upb_def_init google_protobuf_any_proto_upbdefinit;
extern upb_def_init google_protobuf_struct_proto_upbdefinit;
static const char descriptor[1153] = {'\n', '$', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'a', 'p', 'i', '/', 'e', 'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a',
'1', '/', 'v', 'a', 'l', 'u', 'e', '.', 'p', 'r', 'o', 't', 'o', '\022', '\030', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i',
'.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '\032', '\031', 'g', 'o', 'o', 'g', 'l', 'e', '/', 'p', 'r',
'o', 't', 'o', 'b', 'u', 'f', '/', 'a', 'n', 'y', '.', 'p', 'r', 'o', 't', 'o', '\032', '\034', 'g', 'o', 'o', 'g', 'l', 'e', '/',
'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '/', 's', 't', 'r', 'u', 'c', 't', '.', 'p', 'r', 'o', 't', 'o', '\"', '\315', '\004', '\n',
'\005', 'V', 'a', 'l', 'u', 'e', '\022', ';', '\n', '\n', 'n', 'u', 'l', 'l', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\001', ' ', '\001', '(',
'\016', '2', '\032', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '.', 'N', 'u', 'l', 'l', 'V',
'a', 'l', 'u', 'e', 'H', '\000', 'R', '\t', 'n', 'u', 'l', 'l', 'V', 'a', 'l', 'u', 'e', '\022', '\037', '\n', '\n', 'b', 'o', 'o', 'l',
'_', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\010', 'H', '\000', 'R', '\t', 'b', 'o', 'o', 'l', 'V', 'a', 'l', 'u', 'e',
'\022', '!', '\n', '\013', 'i', 'n', 't', '6', '4', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\003', ' ', '\001', '(', '\003', 'H', '\000', 'R', '\n',
'i', 'n', 't', '6', '4', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n', '\014', 'u', 'i', 'n', 't', '6', '4', '_', 'v', 'a', 'l', 'u',
'e', '\030', '\004', ' ', '\001', '(', '\004', 'H', '\000', 'R', '\013', 'u', 'i', 'n', 't', '6', '4', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n',
'\014', 'd', 'o', 'u', 'b', 'l', 'e', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\005', ' ', '\001', '(', '\001', 'H', '\000', 'R', '\013', 'd', 'o',
'u', 'b', 'l', 'e', 'V', 'a', 'l', 'u', 'e', '\022', '#', '\n', '\014', 's', 't', 'r', 'i', 'n', 'g', '_', 'v', 'a', 'l', 'u', 'e',
'\030', '\006', ' ', '\001', '(', '\t', 'H', '\000', 'R', '\013', 's', 't', 'r', 'i', 'n', 'g', 'V', 'a', 'l', 'u', 'e', '\022', '!', '\n', '\013',
'b', 'y', 't', 'e', 's', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\007', ' ', '\001', '(', '\014', 'H', '\000', 'R', '\n', 'b', 'y', 't', 'e',
's', 'V', 'a', 'l', 'u', 'e', '\022', 'D', '\n', '\n', 'e', 'n', 'u', 'm', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\t', ' ', '\001', '(',
'\013', '2', '#', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p',
'h', 'a', '1', '.', 'E', 'n', 'u', 'm', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\t', 'e', 'n', 'u', 'm', 'V', 'a', 'l', 'u',
'e', '\022', '9', '\n', '\014', 'o', 'b', 'j', 'e', 'c', 't', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\n', ' ', '\001', '(', '\013', '2', '\024',
'.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'p', 'r', 'o', 't', 'o', 'b', 'u', 'f', '.', 'A', 'n', 'y', 'H', '\000', 'R', '\013', 'o',
'b', 'j', 'e', 'c', 't', 'V', 'a', 'l', 'u', 'e', '\022', 'A', '\n', '\t', 'm', 'a', 'p', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\013',
' ', '\001', '(', '\013', '2', '\"', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1',
'a', 'l', 'p', 'h', 'a', '1', '.', 'M', 'a', 'p', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\010', 'm', 'a', 'p', 'V', 'a', 'l',
'u', 'e', '\022', 'D', '\n', '\n', 'l', 'i', 's', 't', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\014', ' ', '\001', '(', '\013', '2', '#', '.',
'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.',
'L', 'i', 's', 't', 'V', 'a', 'l', 'u', 'e', 'H', '\000', 'R', '\t', 'l', 'i', 's', 't', 'V', 'a', 'l', 'u', 'e', '\022', '\037', '\n',
'\n', 't', 'y', 'p', 'e', '_', 'v', 'a', 'l', 'u', 'e', '\030', '\017', ' ', '\001', '(', '\t', 'H', '\000', 'R', '\t', 't', 'y', 'p', 'e',
'V', 'a', 'l', 'u', 'e', 'B', '\006', '\n', '\004', 'k', 'i', 'n', 'd', '\"', '5', '\n', '\t', 'E', 'n', 'u', 'm', 'V', 'a', 'l', 'u',
'e', '\022', '\022', '\n', '\004', 't', 'y', 'p', 'e', '\030', '\001', ' ', '\001', '(', '\t', 'R', '\004', 't', 'y', 'p', 'e', '\022', '\024', '\n', '\005',
'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\005', 'R', '\005', 'v', 'a', 'l', 'u', 'e', '\"', 'D', '\n', '\t', 'L', 'i', 's',
't', 'V', 'a', 'l', 'u', 'e', '\022', '7', '\n', '\006', 'v', 'a', 'l', 'u', 'e', 's', '\030', '\001', ' ', '\003', '(', '\013', '2', '\037', '.',
'g', 'o', 'o', 'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.',
'V', 'a', 'l', 'u', 'e', 'R', '\006', 'v', 'a', 'l', 'u', 'e', 's', '\"', '\301', '\001', '\n', '\010', 'M', 'a', 'p', 'V', 'a', 'l', 'u',
'e', '\022', 'B', '\n', '\007', 'e', 'n', 't', 'r', 'i', 'e', 's', '\030', '\001', ' ', '\003', '(', '\013', '2', '(', '.', 'g', 'o', 'o', 'g',
'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'M', 'a', 'p', 'V',
'a', 'l', 'u', 'e', '.', 'E', 'n', 't', 'r', 'y', 'R', '\007', 'e', 'n', 't', 'r', 'i', 'e', 's', '\032', 'q', '\n', '\005', 'E', 'n',
't', 'r', 'y', '\022', '1', '\n', '\003', 'k', 'e', 'y', '\030', '\001', ' ', '\001', '(', '\013', '2', '\037', '.', 'g', 'o', 'o', 'g', 'l', 'e',
'.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'V', 'a', 'l', 'u', 'e', 'R',
'\003', 'k', 'e', 'y', '\022', '5', '\n', '\005', 'v', 'a', 'l', 'u', 'e', '\030', '\002', ' ', '\001', '(', '\013', '2', '\037', '.', 'g', 'o', 'o',
'g', 'l', 'e', '.', 'a', 'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', '.', 'V', 'a', 'l',
'u', 'e', 'R', '\005', 'v', 'a', 'l', 'u', 'e', 'B', 'm', '\n', '\034', 'c', 'o', 'm', '.', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'a',
'p', 'i', '.', 'e', 'x', 'p', 'r', '.', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', 'B', '\n', 'V', 'a', 'l', 'u', 'e', 'P', 'r',
'o', 't', 'o', 'P', '\001', 'Z', '<', 'g', 'o', 'o', 'g', 'l', 'e', '.', 'g', 'o', 'l', 'a', 'n', 'g', '.', 'o', 'r', 'g', '/',
'g', 'e', 'n', 'p', 'r', 'o', 't', 'o', '/', 'g', 'o', 'o', 'g', 'l', 'e', 'a', 'p', 'i', 's', '/', 'a', 'p', 'i', '/', 'e',
'x', 'p', 'r', '/', 'v', '1', 'a', 'l', 'p', 'h', 'a', '1', ';', 'e', 'x', 'p', 'r', '\370', '\001', '\001', 'b', '\006', 'p', 'r', 'o',
't', 'o', '3',
};
static upb_def_init *deps[3] = {
&google_protobuf_any_proto_upbdefinit,
&google_protobuf_struct_proto_upbdefinit,
NULL
};
upb_def_init google_api_expr_v1alpha1_value_proto_upbdefinit = {
deps,
&google_api_expr_v1alpha1_value_proto_upb_file_layout,
"google/api/expr/v1alpha1/value.proto",
UPB_STRVIEW_INIT(descriptor, 1153)
};

@ -0,0 +1,55 @@
/* This file was generated by upbc (the upb compiler) from the input
* file:
*
* google/api/expr/v1alpha1/value.proto
*
* Do not edit -- your changes will be discarded when the file is
* regenerated. */
#ifndef GOOGLE_API_EXPR_V1ALPHA1_VALUE_PROTO_UPBDEFS_H_
#define GOOGLE_API_EXPR_V1ALPHA1_VALUE_PROTO_UPBDEFS_H_
#include "upb/def.h"
#include "upb/port_def.inc"
#ifdef __cplusplus
extern "C" {
#endif
#include "upb/def.h"
#include "upb/port_def.inc"
extern upb_def_init google_api_expr_v1alpha1_value_proto_upbdefinit;
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_Value_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_value_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.Value");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_EnumValue_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_value_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.EnumValue");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_ListValue_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_value_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.ListValue");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_MapValue_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_value_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.MapValue");
}
UPB_INLINE const upb_msgdef *google_api_expr_v1alpha1_MapValue_Entry_getmsgdef(upb_symtab *s) {
_upb_symtab_loaddefinit(s, &google_api_expr_v1alpha1_value_proto_upbdefinit);
return upb_symtab_lookupmsg(s, "google.api.expr.v1alpha1.MapValue.Entry");
}
#ifdef __cplusplus
} /* extern "C" */
#endif
#include "upb/port_undef.inc"
#endif /* GOOGLE_API_EXPR_V1ALPHA1_VALUE_PROTO_UPBDEFS_H_ */

@ -22,6 +22,7 @@
#include "envoy/extensions/filters/http/router/v3/router.upbdefs.h" #include "envoy/extensions/filters/http/router/v3/router.upbdefs.h"
#include "src/core/ext/xds/xds_http_fault_filter.h" #include "src/core/ext/xds/xds_http_fault_filter.h"
#include "src/core/ext/xds/xds_http_rbac_filter.h"
namespace grpc_core { namespace grpc_core {
@ -106,6 +107,10 @@ void XdsHttpFilterRegistry::Init() {
{kXdsHttpRouterFilterConfigName}); {kXdsHttpRouterFilterConfigName});
RegisterFilter(absl::make_unique<XdsHttpFaultFilter>(), RegisterFilter(absl::make_unique<XdsHttpFaultFilter>(),
{kXdsHttpFaultFilterConfigName}); {kXdsHttpFaultFilterConfigName});
RegisterFilter(absl::make_unique<XdsHttpRbacFilter>(),
{kXdsHttpRbacFilterConfigName});
RegisterFilter(absl::make_unique<XdsHttpRbacFilter>(),
{kXdsHttpRbacFilterConfigOverrideName});
} }
void XdsHttpFilterRegistry::Shutdown() { void XdsHttpFilterRegistry::Shutdown() {

@ -0,0 +1,551 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#include <grpc/support/port_platform.h>
#include "src/core/ext/xds/xds_http_rbac_filter.h"
#include "absl/strings/str_format.h"
#include "envoy/config/core/v3/address.upb.h"
#include "envoy/config/rbac/v3/rbac.upb.h"
#include "envoy/config/route/v3/route_components.upb.h"
#include "envoy/extensions/filters/http/rbac/v3/rbac.upb.h"
#include "envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h"
#include "envoy/type/matcher/v3/path.upb.h"
#include "envoy/type/matcher/v3/regex.upb.h"
#include "envoy/type/matcher/v3/string.upb.h"
#include "envoy/type/v3/range.upb.h"
#include "google/protobuf/wrappers.upb.h"
#include "src/core/ext/filters/rbac/rbac_filter.h"
#include "src/core/ext/filters/rbac/rbac_service_config_parser.h"
#include "src/core/ext/xds/upb_utils.h"
#include "src/core/lib/channel/channel_args.h"
namespace grpc_core {
const char* kXdsHttpRbacFilterConfigName =
"envoy.extensions.filters.http.rbac.v3.RBAC";
const char* kXdsHttpRbacFilterConfigOverrideName =
"envoy.extensions.filters.http.rbac.v3.RBACPerRoute";
namespace {
Json ParseRegexMatcherToJson(
const envoy_type_matcher_v3_RegexMatcher* regex_matcher) {
return Json::Object(
{{"regex", UpbStringToStdString(envoy_type_matcher_v3_RegexMatcher_regex(
regex_matcher))}});
}
Json ParseInt64RangeToJson(const envoy_type_v3_Int64Range* range) {
return Json::Object{{"start", envoy_type_v3_Int64Range_start(range)},
{"end", envoy_type_v3_Int64Range_end(range)}};
}
absl::StatusOr<Json> ParseHeaderMatcherToJson(
const envoy_config_route_v3_HeaderMatcher* header) {
Json::Object header_json;
std::vector<absl::Status> error_list;
std::string name =
UpbStringToStdString(envoy_config_route_v3_HeaderMatcher_name(header));
if (name == ":scheme") {
error_list.push_back(
absl::InvalidArgumentError("':scheme' not allowed in header"));
} else if (absl::StartsWith(name, "grpc-")) {
error_list.push_back(
absl::InvalidArgumentError("'grpc-' prefixes not allowed in header"));
}
header_json.emplace("name", std::move(name));
if (envoy_config_route_v3_HeaderMatcher_has_exact_match(header)) {
header_json.emplace(
"exactMatch",
UpbStringToStdString(
envoy_config_route_v3_HeaderMatcher_exact_match(header)));
} else if (envoy_config_route_v3_HeaderMatcher_has_safe_regex_match(header)) {
header_json.emplace(
"safeRegexMatch",
ParseRegexMatcherToJson(
envoy_config_route_v3_HeaderMatcher_safe_regex_match(header)));
} else if (envoy_config_route_v3_HeaderMatcher_has_range_match(header)) {
header_json.emplace(
"rangeMatch",
ParseInt64RangeToJson(
envoy_config_route_v3_HeaderMatcher_range_match(header)));
} else if (envoy_config_route_v3_HeaderMatcher_has_present_match(header)) {
header_json.emplace(
"presentMatch",
envoy_config_route_v3_HeaderMatcher_present_match(header));
} else if (envoy_config_route_v3_HeaderMatcher_has_prefix_match(header)) {
header_json.emplace(
"prefixMatch",
UpbStringToStdString(
envoy_config_route_v3_HeaderMatcher_prefix_match(header)));
} else if (envoy_config_route_v3_HeaderMatcher_has_suffix_match(header)) {
header_json.emplace(
"suffixMatch",
UpbStringToStdString(
envoy_config_route_v3_HeaderMatcher_suffix_match(header)));
} else if (envoy_config_route_v3_HeaderMatcher_has_contains_match(header)) {
header_json.emplace(
"containsMatch",
UpbStringToStdString(
envoy_config_route_v3_HeaderMatcher_contains_match(header)));
} else {
error_list.push_back(
absl::InvalidArgumentError("Invalid route header matcher specified."));
}
if (!error_list.empty()) {
return StatusCreate(absl::StatusCode::kInvalidArgument,
"Error parsing HeaderMatcher", DEBUG_LOCATION,
std::move(error_list));
}
header_json.emplace("invertMatch",
envoy_config_route_v3_HeaderMatcher_invert_match(header));
return header_json;
}
absl::StatusOr<Json> ParseStringMatcherToJson(
const envoy_type_matcher_v3_StringMatcher* matcher) {
Json::Object json;
if (envoy_type_matcher_v3_StringMatcher_has_exact(matcher)) {
json.emplace("exact",
UpbStringToStdString(
envoy_type_matcher_v3_StringMatcher_exact(matcher)));
} else if (envoy_type_matcher_v3_StringMatcher_has_prefix(matcher)) {
json.emplace("prefix",
UpbStringToStdString(
envoy_type_matcher_v3_StringMatcher_prefix(matcher)));
} else if (envoy_type_matcher_v3_StringMatcher_has_suffix(matcher)) {
json.emplace("suffix",
UpbStringToStdString(
envoy_type_matcher_v3_StringMatcher_suffix(matcher)));
} else if (envoy_type_matcher_v3_StringMatcher_has_safe_regex(matcher)) {
json.emplace("safeRegex",
ParseRegexMatcherToJson(
envoy_type_matcher_v3_StringMatcher_safe_regex(matcher)));
} else if (envoy_type_matcher_v3_StringMatcher_has_contains(matcher)) {
json.emplace("contains",
UpbStringToStdString(
envoy_type_matcher_v3_StringMatcher_contains(matcher)));
} else {
return absl::InvalidArgumentError("StringMatcher: Invalid match pattern");
}
json.emplace("ignoreCase",
envoy_type_matcher_v3_StringMatcher_ignore_case(matcher));
return json;
}
absl::StatusOr<Json> ParsePathMatcherToJson(
const envoy_type_matcher_v3_PathMatcher* matcher) {
const auto* path = envoy_type_matcher_v3_PathMatcher_path(matcher);
if (path == nullptr) {
return absl::InvalidArgumentError("PathMatcher has empty path");
}
Json::Object json;
auto path_json = ParseStringMatcherToJson(path);
if (!path_json.ok()) {
return path_json;
}
json.emplace("path", std::move(*path_json));
return json;
}
Json ParseUInt32ValueToJson(const google_protobuf_UInt32Value* value) {
return Json::Object{{"value", google_protobuf_UInt32Value_value(value)}};
}
Json ParseCidrRangeToJson(const envoy_config_core_v3_CidrRange* range) {
Json::Object json;
json.emplace("addressPrefix",
UpbStringToStdString(
envoy_config_core_v3_CidrRange_address_prefix(range)));
const auto* prefix_len = envoy_config_core_v3_CidrRange_prefix_len(range);
if (prefix_len != nullptr) {
json.emplace("prefixLen", ParseUInt32ValueToJson(prefix_len));
}
return json;
}
absl::StatusOr<Json> ParsePermissionToJson(
const envoy_config_rbac_v3_Permission* permission) {
Json::Object permission_json;
// Helper function to parse Permission::Set to JSON. Used by `and_rules` and
// `or_rules`.
auto parse_permission_set_to_json =
[](const envoy_config_rbac_v3_Permission_Set* set)
-> absl::StatusOr<Json> {
std::vector<absl::Status> error_list;
Json::Array rules_json;
size_t size;
const envoy_config_rbac_v3_Permission* const* rules =
envoy_config_rbac_v3_Permission_Set_rules(set, &size);
for (size_t i = 0; i < size; ++i) {
auto permission_json = ParsePermissionToJson(rules[i]);
if (!permission_json.ok()) {
error_list.push_back(permission_json.status());
} else {
rules_json.emplace_back(std::move(*permission_json));
}
}
if (!error_list.empty()) {
return StatusCreate(absl::StatusCode::kInvalidArgument,
"Error parsing Set", DEBUG_LOCATION,
std::move(error_list));
}
return Json::Object({{"rules", std::move(rules_json)}});
};
if (envoy_config_rbac_v3_Permission_has_and_rules(permission)) {
const auto* and_rules =
envoy_config_rbac_v3_Permission_and_rules(permission);
auto permission_set_json = parse_permission_set_to_json(and_rules);
if (!permission_set_json.ok()) {
return permission_set_json;
}
permission_json.emplace("andRules", std::move(*permission_set_json));
} else if (envoy_config_rbac_v3_Permission_has_or_rules(permission)) {
const auto* or_rules = envoy_config_rbac_v3_Permission_or_rules(permission);
auto permission_set_json = parse_permission_set_to_json(or_rules);
if (!permission_set_json.ok()) {
return permission_set_json;
}
permission_json.emplace("orRules", std::move(*permission_set_json));
} else if (envoy_config_rbac_v3_Permission_has_any(permission)) {
permission_json.emplace("any",
envoy_config_rbac_v3_Permission_any(permission));
} else if (envoy_config_rbac_v3_Permission_has_header(permission)) {
auto header_json = ParseHeaderMatcherToJson(
envoy_config_rbac_v3_Permission_header(permission));
if (!header_json.ok()) {
return header_json;
}
permission_json.emplace("header", std::move(*header_json));
} else if (envoy_config_rbac_v3_Permission_has_url_path(permission)) {
auto url_path_json = ParsePathMatcherToJson(
envoy_config_rbac_v3_Permission_url_path(permission));
if (!url_path_json.ok()) {
return url_path_json;
}
permission_json.emplace("urlPath", std::move(*url_path_json));
} else if (envoy_config_rbac_v3_Permission_has_destination_ip(permission)) {
permission_json.emplace(
"destinationIp",
ParseCidrRangeToJson(
envoy_config_rbac_v3_Permission_destination_ip(permission)));
} else if (envoy_config_rbac_v3_Permission_has_destination_port(permission)) {
permission_json.emplace(
"destinationPort",
envoy_config_rbac_v3_Permission_destination_port(permission));
} else if (envoy_config_rbac_v3_Permission_has_metadata(permission)) {
// Not parsing metadata even if its present since it is not relevant to
// gRPC.
permission_json.emplace("metadata", Json::Object());
} else if (envoy_config_rbac_v3_Permission_has_not_rule(permission)) {
auto not_rule_json = ParsePermissionToJson(
envoy_config_rbac_v3_Permission_not_rule(permission));
if (!not_rule_json.ok()) {
return not_rule_json;
}
permission_json.emplace("notRule", std::move(*not_rule_json));
} else if (envoy_config_rbac_v3_Permission_has_requested_server_name(
permission)) {
auto requested_server_name_json = ParseStringMatcherToJson(
envoy_config_rbac_v3_Permission_requested_server_name(permission));
if (!requested_server_name_json.ok()) {
return requested_server_name_json;
}
permission_json.emplace("requestedServerName",
std::move(*requested_server_name_json));
} else {
return absl::InvalidArgumentError("Permission: Invalid rule");
}
return permission_json;
}
absl::StatusOr<Json> ParsePrincipalToJson(
const envoy_config_rbac_v3_Principal* principal) {
Json::Object principal_json;
// Helper function to parse Principal::Set to JSON. Used by `and_ids` and
// `or_ids`.
auto parse_principal_set_to_json =
[](const envoy_config_rbac_v3_Principal_Set* set)
-> absl::StatusOr<Json> {
Json::Object json;
std::vector<absl::Status> error_list;
Json::Array ids_json;
size_t size;
const envoy_config_rbac_v3_Principal* const* ids =
envoy_config_rbac_v3_Principal_Set_ids(set, &size);
for (size_t i = 0; i < size; ++i) {
auto principal_json = ParsePrincipalToJson(ids[i]);
if (!principal_json.ok()) {
error_list.push_back(principal_json.status());
} else {
ids_json.emplace_back(std::move(*principal_json));
}
}
if (!error_list.empty()) {
return StatusCreate(absl::StatusCode::kInvalidArgument,
"Error parsing Set", DEBUG_LOCATION,
std::move(error_list));
}
return Json::Object({{"ids", std::move(ids_json)}});
};
if (envoy_config_rbac_v3_Principal_has_and_ids(principal)) {
const auto* and_rules = envoy_config_rbac_v3_Principal_and_ids(principal);
auto principal_set_json = parse_principal_set_to_json(and_rules);
if (!principal_set_json.ok()) {
return principal_set_json;
}
principal_json.emplace("andIds", std::move(*principal_set_json));
} else if (envoy_config_rbac_v3_Principal_has_or_ids(principal)) {
const auto* or_rules = envoy_config_rbac_v3_Principal_or_ids(principal);
auto principal_set_json = parse_principal_set_to_json(or_rules);
if (!principal_set_json.ok()) {
return principal_set_json;
}
principal_json.emplace("orIds", std::move(*principal_set_json));
} else if (envoy_config_rbac_v3_Principal_has_any(principal)) {
principal_json.emplace("any",
envoy_config_rbac_v3_Principal_any(principal));
} else if (envoy_config_rbac_v3_Principal_has_authenticated(principal)) {
auto* authenticated_json =
principal_json.emplace("authenticated", Json::Object())
.first->second.mutable_object();
const auto* principal_name =
envoy_config_rbac_v3_Principal_Authenticated_principal_name(
envoy_config_rbac_v3_Principal_authenticated(principal));
if (principal_name != nullptr) {
auto principal_name_json = ParseStringMatcherToJson(principal_name);
if (!principal_name_json.ok()) {
return principal_name_json;
}
authenticated_json->emplace("principalName",
std::move(*principal_name_json));
}
} else if (envoy_config_rbac_v3_Principal_has_source_ip(principal)) {
principal_json.emplace(
"sourceIp", ParseCidrRangeToJson(
envoy_config_rbac_v3_Principal_source_ip(principal)));
} else if (envoy_config_rbac_v3_Principal_has_direct_remote_ip(principal)) {
principal_json.emplace(
"directRemoteIp",
ParseCidrRangeToJson(
envoy_config_rbac_v3_Principal_direct_remote_ip(principal)));
} else if (envoy_config_rbac_v3_Principal_has_remote_ip(principal)) {
principal_json.emplace(
"remoteIp", ParseCidrRangeToJson(
envoy_config_rbac_v3_Principal_remote_ip(principal)));
} else if (envoy_config_rbac_v3_Principal_has_header(principal)) {
auto header_json = ParseHeaderMatcherToJson(
envoy_config_rbac_v3_Principal_header(principal));
if (!header_json.ok()) {
return header_json;
}
principal_json.emplace("header", std::move(*header_json));
} else if (envoy_config_rbac_v3_Principal_has_url_path(principal)) {
auto url_path_json = ParsePathMatcherToJson(
envoy_config_rbac_v3_Principal_url_path(principal));
if (!url_path_json.ok()) {
return url_path_json;
}
principal_json.emplace("urlPath", std::move(*url_path_json));
} else if (envoy_config_rbac_v3_Principal_has_metadata(principal)) {
// Not parsing metadata even if its present since it is not relevant to
// gRPC.
principal_json.emplace("metadata", Json::Object());
} else if (envoy_config_rbac_v3_Principal_has_not_id(principal)) {
auto not_id_json =
ParsePrincipalToJson(envoy_config_rbac_v3_Principal_not_id(principal));
if (!not_id_json.ok()) {
return not_id_json;
}
principal_json.emplace("notId", std::move(*not_id_json));
} else {
return absl::InvalidArgumentError("Principal: Invalid rule");
}
return principal_json;
}
absl::StatusOr<Json> ParsePolicyToJson(
const envoy_config_rbac_v3_Policy* policy) {
Json::Object policy_json;
std::vector<absl::Status> error_list;
size_t size;
Json::Array permissions_json;
const envoy_config_rbac_v3_Permission* const* permissions =
envoy_config_rbac_v3_Policy_permissions(policy, &size);
for (size_t i = 0; i < size; ++i) {
auto permission_json = ParsePermissionToJson(permissions[i]);
if (!permission_json.ok()) {
error_list.push_back(permission_json.status());
} else {
permissions_json.emplace_back(std::move(*permission_json));
}
}
policy_json.emplace("permissions", std::move(permissions_json));
Json::Array principals_json;
const envoy_config_rbac_v3_Principal* const* principals =
envoy_config_rbac_v3_Policy_principals(policy, &size);
for (size_t i = 0; i < size; ++i) {
auto principal_json = ParsePrincipalToJson(principals[i]);
if (!principal_json.ok()) {
error_list.push_back(principal_json.status());
} else {
principals_json.emplace_back(std::move(*principal_json));
}
}
policy_json.emplace("principals", std::move(principals_json));
if (envoy_config_rbac_v3_Policy_has_condition(policy)) {
error_list.push_back(
absl::InvalidArgumentError("Policy: condition not supported"));
}
if (envoy_config_rbac_v3_Policy_has_checked_condition(policy)) {
error_list.push_back(
absl::InvalidArgumentError("Policy: checked condition not supported"));
}
if (!error_list.empty()) {
return StatusCreate(absl::StatusCode::kInvalidArgument,
"Error parsing Policy", DEBUG_LOCATION,
std::move(error_list));
}
return policy_json;
}
absl::StatusOr<Json> ParseHttpRbacToJson(
const envoy_extensions_filters_http_rbac_v3_RBAC* rbac) {
Json::Object rbac_json;
std::vector<absl::Status> error_list;
const auto* rules = envoy_extensions_filters_http_rbac_v3_RBAC_rules(rbac);
if (rules != nullptr) {
int action = envoy_config_rbac_v3_RBAC_action(rules);
// Treat Log action as RBAC being absent
if (action == envoy_config_rbac_v3_RBAC_LOG) {
return rbac_json;
}
Json::Object inner_rbac_json;
inner_rbac_json.emplace("action", envoy_config_rbac_v3_RBAC_action(rules));
if (envoy_config_rbac_v3_RBAC_has_policies(rules)) {
Json::Object policies_object;
size_t iter = UPB_MAP_BEGIN;
while (true) {
auto* entry = envoy_config_rbac_v3_RBAC_policies_next(rules, &iter);
if (entry == nullptr) {
break;
}
auto policy = ParsePolicyToJson(
envoy_config_rbac_v3_RBAC_PoliciesEntry_value(entry));
if (!policy.ok()) {
error_list.push_back(StatusCreate(
absl::StatusCode::kInvalidArgument,
absl::StrFormat(
"RBAC PoliciesEntry key:%s",
UpbStringToStdString(
envoy_config_rbac_v3_RBAC_PoliciesEntry_key(entry))),
DEBUG_LOCATION, {policy.status()}));
} else {
policies_object.emplace(
UpbStringToStdString(
envoy_config_rbac_v3_RBAC_PoliciesEntry_key(entry)),
std::move(*policy));
}
}
inner_rbac_json.emplace("policies", std::move(policies_object));
}
rbac_json.emplace("rules", std::move(inner_rbac_json));
}
if (!error_list.empty()) {
return StatusCreate(absl::StatusCode::kInvalidArgument,
"Error parsing RBAC", DEBUG_LOCATION,
std::move(error_list));
}
return rbac_json;
}
} // namespace
void XdsHttpRbacFilter::PopulateSymtab(upb_symtab* symtab) const {
envoy_extensions_filters_http_rbac_v3_RBAC_getmsgdef(symtab);
}
absl::StatusOr<XdsHttpFilterImpl::FilterConfig>
XdsHttpRbacFilter::GenerateFilterConfig(upb_strview serialized_filter_config,
upb_arena* arena) const {
absl::StatusOr<Json> rbac_json;
auto* rbac = envoy_extensions_filters_http_rbac_v3_RBAC_parse(
serialized_filter_config.data, serialized_filter_config.size, arena);
if (rbac == nullptr) {
return absl::InvalidArgumentError(
"could not parse HTTP RBAC filter config");
}
rbac_json = ParseHttpRbacToJson(rbac);
if (!rbac_json.ok()) {
return rbac_json.status();
}
return FilterConfig{kXdsHttpRbacFilterConfigName, std::move(*rbac_json)};
}
absl::StatusOr<XdsHttpFilterImpl::FilterConfig>
XdsHttpRbacFilter::GenerateFilterConfigOverride(
upb_strview serialized_filter_config, upb_arena* arena) const {
auto* rbac_per_route =
envoy_extensions_filters_http_rbac_v3_RBACPerRoute_parse(
serialized_filter_config.data, serialized_filter_config.size, arena);
if (rbac_per_route == nullptr) {
return absl::InvalidArgumentError("could not parse RBACPerRoute");
}
absl::StatusOr<Json> rbac_json;
const auto* rbac =
envoy_extensions_filters_http_rbac_v3_RBACPerRoute_rbac(rbac_per_route);
if (rbac == nullptr) {
rbac_json = Json::Object();
} else {
rbac_json = ParseHttpRbacToJson(rbac);
if (!rbac_json.ok()) {
return rbac_json.status();
}
}
return FilterConfig{kXdsHttpRbacFilterConfigOverrideName,
std::move(*rbac_json)};
}
const grpc_channel_filter* XdsHttpRbacFilter::channel_filter() const {
return &RbacFilter::kFilterVtable;
}
grpc_channel_args* XdsHttpRbacFilter::ModifyChannelArgs(
grpc_channel_args* args) const {
grpc_arg arg_to_add = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args* new_args =
grpc_channel_args_copy_and_add(args, &arg_to_add, 1);
grpc_channel_args_destroy(args);
return new_args;
}
absl::StatusOr<XdsHttpFilterImpl::ServiceConfigJsonEntry>
XdsHttpRbacFilter::GenerateServiceConfig(
const FilterConfig& hcm_filter_config,
const FilterConfig* filter_config_override) const {
Json policy_json = filter_config_override != nullptr
? filter_config_override->config
: hcm_filter_config.config;
// The policy JSON may be empty, that's allowed.
return ServiceConfigJsonEntry{"rbacPolicy", policy_json.Dump()};
}
} // namespace grpc_core

@ -0,0 +1,54 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#ifndef GRPC_CORE_EXT_XDS_XDS_HTTP_RBAC_FILTER_H
#define GRPC_CORE_EXT_XDS_XDS_HTTP_RBAC_FILTER_H
#include <grpc/support/port_platform.h>
#include "src/core/ext/xds/xds_http_filters.h"
namespace grpc_core {
extern const char* kXdsHttpRbacFilterConfigName;
extern const char* kXdsHttpRbacFilterConfigOverrideName;
class XdsHttpRbacFilter : public XdsHttpFilterImpl {
public:
void PopulateSymtab(upb_symtab* symtab) const override;
absl::StatusOr<FilterConfig> GenerateFilterConfig(
upb_strview serialized_filter_config, upb_arena* arena) const override;
absl::StatusOr<FilterConfig> GenerateFilterConfigOverride(
upb_strview serialized_filter_config, upb_arena* arena) const override;
const grpc_channel_filter* channel_filter() const override;
grpc_channel_args* ModifyChannelArgs(grpc_channel_args* args) const override;
absl::StatusOr<ServiceConfigJsonEntry> GenerateServiceConfig(
const FilterConfig& hcm_filter_config,
const FilterConfig* filter_config_override) const override;
bool IsSupportedOnClients() const override { return false; }
bool IsSupportedOnServers() const override { return true; }
};
} // namespace grpc_core
#endif // GRPC_CORE_EXT_XDS_XDS_HTTP_RBAC_FILTER_H

@ -271,6 +271,19 @@ grpc_error_handle HttpConnectionManagerParse(
bool is_v2, bool is_v2,
XdsListenerResource::HttpConnectionManager* http_connection_manager) { XdsListenerResource::HttpConnectionManager* http_connection_manager) {
MaybeLogHttpConnectionManager(context, http_connection_manager_proto); MaybeLogHttpConnectionManager(context, http_connection_manager_proto);
// NACK a non-zero `xff_num_trusted_hops` and a `non-empty
// original_ip_detection_extensions` as mentioned in
// https://github.com/grpc/proposal/blob/master/A41-xds-rbac.md
if (envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_xff_num_trusted_hops(
http_connection_manager_proto) != 0) {
return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
"'xff_num_trusted_hops' must be zero");
}
if (envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_has_original_ip_detection_extensions(
http_connection_manager_proto)) {
return GRPC_ERROR_CREATE_FROM_STATIC_STRING(
"'original_ip_detection_extensions' must be empty");
}
// Obtain max_stream_duration from Http Protocol Options. // Obtain max_stream_duration from Http Protocol Options.
const envoy_config_core_v3_HttpProtocolOptions* options = const envoy_config_core_v3_HttpProtocolOptions* options =
envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_common_http_protocol_options( envoy_extensions_filters_network_http_connection_manager_v3_HttpConnectionManager_common_http_protocol_options(
@ -339,7 +352,7 @@ grpc_error_handle HttpConnectionManagerParse(
if (!filter_config.ok()) { if (!filter_config.ok()) {
return GRPC_ERROR_CREATE_FROM_CPP_STRING(absl::StrCat( return GRPC_ERROR_CREATE_FROM_CPP_STRING(absl::StrCat(
"filter config for type ", filter_type, "filter config for type ", filter_type,
" failed to parse: ", filter_config.status().ToString())); " failed to parse: ", StatusToString(filter_config.status())));
} }
http_connection_manager->http_filters.emplace_back( http_connection_manager->http_filters.emplace_back(
XdsListenerResource::HttpConnectionManager::HttpFilter{ XdsListenerResource::HttpConnectionManager::HttpFilter{

@ -538,7 +538,7 @@ grpc_error_handle ParseTypedPerFilterConfig(
if (!filter_config.ok()) { if (!filter_config.ok()) {
return GRPC_ERROR_CREATE_FROM_CPP_STRING(absl::StrCat( return GRPC_ERROR_CREATE_FROM_CPP_STRING(absl::StrCat(
"filter config for type ", filter_type, "filter config for type ", filter_type,
" failed to parse: ", filter_config.status().ToString())); " failed to parse: ", StatusToString(filter_config.status())));
} }
(*typed_per_filter_config)[std::string(key)] = std::move(*filter_config); (*typed_per_filter_config)[std::string(key)] = std::move(*filter_config);
} }

@ -200,9 +200,8 @@ class XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager
// This ref is only kept around till the FilterChainMatchManager becomes // This ref is only kept around till the FilterChainMatchManager becomes
// ready. // ready.
RefCountedPtr<ListenerWatcher> listener_watcher_; RefCountedPtr<ListenerWatcher> listener_watcher_;
const XdsListenerResource::FilterChainMap filter_chain_map_; XdsListenerResource::FilterChainMap filter_chain_map_;
const absl::optional<XdsListenerResource::FilterChainData> absl::optional<XdsListenerResource::FilterChainData> default_filter_chain_;
default_filter_chain_;
Mutex mu_; Mutex mu_;
size_t rds_resources_yet_to_fetch_ ABSL_GUARDED_BY(mu_) = 0; size_t rds_resources_yet_to_fetch_ ABSL_GUARDED_BY(mu_) = 0;
std::map<std::string /* resource_name */, RdsUpdateState> rds_map_ std::map<std::string /* resource_name */, RdsUpdateState> rds_map_
@ -334,6 +333,8 @@ class XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
http_filters_); http_filters_);
} }
void Orphan() override {}
void CancelWatch() override { watcher_.reset(); } void CancelWatch() override { watcher_.reset(); }
private: private:
@ -356,6 +357,8 @@ class XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
std::vector<XdsListenerResource::HttpConnectionManager::HttpFilter> std::vector<XdsListenerResource::HttpConnectionManager::HttpFilter>
http_filters); http_filters);
void Orphan() override;
absl::StatusOr<RefCountedPtr<ServerConfigSelector>> Watch( absl::StatusOr<RefCountedPtr<ServerConfigSelector>> Watch(
std::unique_ptr<ServerConfigSelectorProvider::ServerConfigSelectorWatcher> std::unique_ptr<ServerConfigSelectorProvider::ServerConfigSelectorWatcher>
watcher) override; watcher) override;
@ -386,7 +389,7 @@ class XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
: public XdsRouteConfigResourceType::WatcherInterface { : public XdsRouteConfigResourceType::WatcherInterface {
public: public:
explicit RouteConfigWatcher( explicit RouteConfigWatcher(
RefCountedPtr<DynamicXdsServerConfigSelectorProvider> parent) WeakRefCountedPtr<DynamicXdsServerConfigSelectorProvider> parent)
: parent_(std::move(parent)) {} : parent_(std::move(parent)) {}
void OnResourceChanged(XdsRouteConfigResource route_config) override { void OnResourceChanged(XdsRouteConfigResource route_config) override {
@ -398,7 +401,7 @@ class XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
void OnResourceDoesNotExist() override { parent_->OnResourceDoesNotExist(); } void OnResourceDoesNotExist() override { parent_->OnResourceDoesNotExist(); }
private: private:
RefCountedPtr<DynamicXdsServerConfigSelectorProvider> parent_; WeakRefCountedPtr<DynamicXdsServerConfigSelectorProvider> parent_;
}; };
// //
@ -591,8 +594,11 @@ XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
void XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager:: void XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
StartRdsWatch(RefCountedPtr<ListenerWatcher> listener_watcher) { StartRdsWatch(RefCountedPtr<ListenerWatcher> listener_watcher) {
// Get the set of RDS resources to watch on // Get the set of RDS resources to watch on. Also get the set of
// FilterChainData so that we can reverse the list of HTTP filters since
// received data moves *up* the stack in Core.
std::set<std::string> resource_names; std::set<std::string> resource_names;
std::set<XdsListenerResource::FilterChainData*> filter_chain_data_set;
for (const auto& destination_ip : filter_chain_map_.destination_ip_vector) { for (const auto& destination_ip : filter_chain_map_.destination_ip_vector) {
for (const auto& source_type : destination_ip.source_types_array) { for (const auto& source_type : destination_ip.source_types_array) {
for (const auto& source_ip : source_type) { for (const auto& source_ip : source_type) {
@ -603,17 +609,34 @@ void XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
source_port_pair.second.data->http_connection_manager source_port_pair.second.data->http_connection_manager
.route_config_name); .route_config_name);
} }
filter_chain_data_set.insert(source_port_pair.second.data.get());
} }
} }
} }
} }
if (default_filter_chain_.has_value() && if (default_filter_chain_.has_value()) {
!default_filter_chain_->http_connection_manager.route_config_name if (!default_filter_chain_->http_connection_manager.route_config_name
.empty()) { .empty()) {
resource_names.insert( resource_names.insert(
default_filter_chain_->http_connection_manager.route_config_name); default_filter_chain_->http_connection_manager.route_config_name);
}
std::reverse(
default_filter_chain_->http_connection_manager.http_filters.begin(),
default_filter_chain_->http_connection_manager.http_filters.end());
}
// Reverse the lists of HTTP filters in all the filter chains
for (auto* filter_chain_data : filter_chain_data_set) {
std::reverse(
filter_chain_data->http_connection_manager.http_filters.begin(),
filter_chain_data->http_connection_manager.http_filters.end());
} }
// Start watching on referenced RDS resources // Start watching on referenced RDS resources
struct WatcherToStart {
std::string resource_name;
RefCountedPtr<RouteConfigWatcher> watcher;
};
std::vector<WatcherToStart> watchers_to_start;
watchers_to_start.reserve(resource_names.size());
{ {
MutexLock lock(&mu_); MutexLock lock(&mu_);
for (const auto& resource_name : resource_names) { for (const auto& resource_name : resource_names) {
@ -622,14 +645,19 @@ void XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
MakeRefCounted<RouteConfigWatcher>(resource_name, WeakRef()); MakeRefCounted<RouteConfigWatcher>(resource_name, WeakRef());
rds_map_.emplace(resource_name, RdsUpdateState{route_config_watcher.get(), rds_map_.emplace(resource_name, RdsUpdateState{route_config_watcher.get(),
absl::nullopt}); absl::nullopt});
XdsRouteConfigResourceType::StartWatch(xds_client_.get(), resource_name, watchers_to_start.push_back(
std::move(route_config_watcher)); WatcherToStart{resource_name, std::move(route_config_watcher)});
} }
if (rds_resources_yet_to_fetch_ != 0) { if (rds_resources_yet_to_fetch_ != 0) {
listener_watcher_ = std::move(listener_watcher); listener_watcher_ = std::move(listener_watcher);
listener_watcher = nullptr; listener_watcher = nullptr;
} }
} }
for (auto& watcher_to_start : watchers_to_start) {
XdsRouteConfigResourceType::StartWatch(xds_client_.get(),
watcher_to_start.resource_name,
std::move(watcher_to_start.watcher));
}
// Promote this filter chain match manager if all referenced resources are // Promote this filter chain match manager if all referenced resources are
// fetched. // fetched.
if (listener_watcher != nullptr) { if (listener_watcher != nullptr) {
@ -967,16 +995,13 @@ absl::StatusOr<grpc_channel_args*> XdsServerConfigFetcher::ListenerWatcher::
std::vector<const grpc_channel_filter*> filters; std::vector<const grpc_channel_filter*> filters;
// Iterate the list of HTTP filters in reverse since in Core, received data // Iterate the list of HTTP filters in reverse since in Core, received data
// flows *up* the stack. // flows *up* the stack.
for (auto reverse_iterator = for (const auto& http_filter :
filter_chain->http_connection_manager.http_filters.rbegin(); filter_chain->http_connection_manager.http_filters) {
reverse_iterator !=
filter_chain->http_connection_manager.http_filters.rend();
++reverse_iterator) {
// Find filter. This is guaranteed to succeed, because it's checked // Find filter. This is guaranteed to succeed, because it's checked
// at config validation time in the XdsApi code. // at config validation time in the XdsApi code.
const XdsHttpFilterImpl* filter_impl = const XdsHttpFilterImpl* filter_impl =
XdsHttpFilterRegistry::GetFilterForType( XdsHttpFilterRegistry::GetFilterForType(
reverse_iterator->config.config_proto_type_name); http_filter.config.config_proto_type_name);
GPR_ASSERT(filter_impl != nullptr); GPR_ASSERT(filter_impl != nullptr);
// Some filters like the router filter are no-op filters and do not have // Some filters like the router filter are no-op filters and do not have
// an implementation. // an implementation.
@ -1162,12 +1187,22 @@ XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
http_filters_(std::move(http_filters)), http_filters_(std::move(http_filters)),
resource_(std::move(initial_resource)) { resource_(std::move(initial_resource)) {
GPR_ASSERT(!resource_name_.empty()); GPR_ASSERT(!resource_name_.empty());
auto route_config_watcher = MakeRefCounted<RouteConfigWatcher>(Ref()); // RouteConfigWatcher is being created here instead of in Watch() to avoid
// deadlocks from invoking XdsRouteConfigResourceType::StartWatch whilst in a
// critical region.
auto route_config_watcher = MakeRefCounted<RouteConfigWatcher>(WeakRef());
route_config_watcher_ = route_config_watcher.get(); route_config_watcher_ = route_config_watcher.get();
XdsRouteConfigResourceType::StartWatch(xds_client_.get(), resource_name_, XdsRouteConfigResourceType::StartWatch(xds_client_.get(), resource_name_,
std::move(route_config_watcher)); std::move(route_config_watcher));
} }
void XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
DynamicXdsServerConfigSelectorProvider::Orphan() {
XdsRouteConfigResourceType::CancelWatch(xds_client_.get(), resource_name_,
route_config_watcher_,
false /* delay_unsubscription */);
}
absl::StatusOr<RefCountedPtr<ServerConfigSelector>> absl::StatusOr<RefCountedPtr<ServerConfigSelector>>
XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager:: XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
DynamicXdsServerConfigSelectorProvider::Watch( DynamicXdsServerConfigSelectorProvider::Watch(
@ -1189,9 +1224,6 @@ XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
void XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager:: void XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
DynamicXdsServerConfigSelectorProvider::CancelWatch() { DynamicXdsServerConfigSelectorProvider::CancelWatch() {
XdsRouteConfigResourceType::CancelWatch(xds_client_.get(), resource_name_,
route_config_watcher_,
false /* delay_unsubscription */);
MutexLock lock(&mu_); MutexLock lock(&mu_);
watcher_.reset(); watcher_.reset();
} }
@ -1204,6 +1236,10 @@ void XdsServerConfigFetcher::ListenerWatcher::FilterChainMatchManager::
if (watcher_ == nullptr) { if (watcher_ == nullptr) {
return; return;
} }
// Currently server_config_selector_filter does not call into
// DynamicXdsServerConfigSelectorProvider while holding a lock, but if that
// ever changes, we would want to invoke the update outside the critical
// region with the use of a WorkSerializer.
watcher_->OnServerConfigSelectorUpdate( watcher_->OnServerConfigSelectorUpdate(
XdsServerConfigSelector::Create(*resource_, http_filters_)); XdsServerConfigSelector::Create(*resource_, http_filters_));
} }

@ -159,7 +159,7 @@ std::vector<absl::Status> ParseChildren(absl::Cord children) {
absl::Status StatusCreate(absl::StatusCode code, absl::string_view msg, absl::Status StatusCreate(absl::StatusCode code, absl::string_view msg,
const DebugLocation& location, const DebugLocation& location,
std::initializer_list<absl::Status> children) { std::vector<absl::Status> children) {
absl::Status s(code, msg); absl::Status s(code, msg);
if (location.file() != nullptr) { if (location.file() != nullptr) {
StatusSetStr(&s, StatusStrProperty::kFile, location.file()); StatusSetStr(&s, StatusStrProperty::kFile, location.file());

@ -110,7 +110,7 @@ enum class StatusTimeProperty {
/// Creates a status with given additional information /// Creates a status with given additional information
absl::Status StatusCreate( absl::Status StatusCreate(
absl::StatusCode code, absl::string_view msg, const DebugLocation& location, absl::StatusCode code, absl::string_view msg, const DebugLocation& location,
std::initializer_list<absl::Status> children) GRPC_MUST_USE_RESULT; std::vector<absl::Status> children) GRPC_MUST_USE_RESULT;
/// Sets the int property to the status /// Sets the int property to the status
void StatusSetInt(absl::Status* status, StatusIntProperty key, intptr_t value); void StatusSetInt(absl::Status* status, StatusIntProperty key, intptr_t value);

@ -29,6 +29,17 @@ GrpcAuthorizationEngine::GrpcAuthorizationEngine(Rbac policy)
} }
} }
GrpcAuthorizationEngine::GrpcAuthorizationEngine(
GrpcAuthorizationEngine&& other) noexcept
: action_(other.action_), policies_(std::move(other.policies_)) {}
GrpcAuthorizationEngine& GrpcAuthorizationEngine::operator=(
GrpcAuthorizationEngine&& other) noexcept {
action_ = other.action_;
policies_ = std::move(other.policies_);
return *this;
}
AuthorizationEngine::Decision GrpcAuthorizationEngine::Evaluate( AuthorizationEngine::Decision GrpcAuthorizationEngine::Evaluate(
const EvaluateArgs& args) const { const EvaluateArgs& args) const {
Decision decision; Decision decision;

@ -36,10 +36,13 @@ class GrpcAuthorizationEngine : public AuthorizationEngine {
// Builds GrpcAuthorizationEngine with allow/deny RBAC policy. // Builds GrpcAuthorizationEngine with allow/deny RBAC policy.
explicit GrpcAuthorizationEngine(Rbac policy); explicit GrpcAuthorizationEngine(Rbac policy);
Rbac::Action action() { return action_; } GrpcAuthorizationEngine(GrpcAuthorizationEngine&& other) noexcept;
GrpcAuthorizationEngine& operator=(GrpcAuthorizationEngine&& other) noexcept;
Rbac::Action action() const { return action_; }
// Required only for testing purpose. // Required only for testing purpose.
size_t num_policies() { return policies_.size(); } size_t num_policies() const { return policies_.size(); }
// Evaluates incoming request against RBAC policy and makes a decision to // Evaluates incoming request against RBAC policy and makes a decision to
// whether allow/deny this request. // whether allow/deny this request.
@ -50,7 +53,6 @@ class GrpcAuthorizationEngine : public AuthorizationEngine {
std::string name; std::string name;
std::unique_ptr<AuthorizationMatcher> matcher; std::unique_ptr<AuthorizationMatcher> matcher;
}; };
Rbac::Action action_; Rbac::Action action_;
std::vector<Policy> policies_; std::vector<Policy> policies_;
}; };

@ -80,7 +80,7 @@ struct Rbac {
std::string ToString() const; std::string ToString() const;
RuleType type; RuleType type = RuleType::kAnd;
HeaderMatcher header_matcher; HeaderMatcher header_matcher;
StringMatcher string_matcher; StringMatcher string_matcher;
CidrRange ip; CidrRange ip;
@ -124,7 +124,7 @@ struct Rbac {
std::string ToString() const; std::string ToString() const;
RuleType type; RuleType type = RuleType::kAnd;
HeaderMatcher header_matcher; HeaderMatcher header_matcher;
StringMatcher string_matcher; StringMatcher string_matcher;
CidrRange ip; CidrRange ip;

@ -64,6 +64,8 @@ void ServiceConfigParserShutdown(void);
#ifndef GRPC_NO_XDS #ifndef GRPC_NO_XDS
namespace grpc_core { namespace grpc_core {
void RbacFilterInit(void);
void RbacFilterShutdown(void);
void XdsClientGlobalInit(); void XdsClientGlobalInit();
void XdsClientGlobalShutdown(); void XdsClientGlobalShutdown();
} // namespace grpc_core } // namespace grpc_core
@ -128,6 +130,8 @@ void grpc_register_built_in_plugins(void) {
grpc_register_plugin(grpc_core::FaultInjectionFilterInit, grpc_register_plugin(grpc_core::FaultInjectionFilterInit,
grpc_core::FaultInjectionFilterShutdown); grpc_core::FaultInjectionFilterShutdown);
#ifndef GRPC_NO_XDS #ifndef GRPC_NO_XDS
// rbac_filter is being guarded with GRPC_NO_XDS to avoid a dependency on the re2 library by default
grpc_register_plugin(grpc_core::RbacFilterInit, grpc_core::RbacFilterShutdown);
grpc_register_plugin(grpc_core::XdsClientGlobalInit, grpc_register_plugin(grpc_core::XdsClientGlobalInit,
grpc_core::XdsClientGlobalShutdown); grpc_core::XdsClientGlobalShutdown);
grpc_register_plugin(grpc_certificate_provider_registry_init, grpc_register_plugin(grpc_certificate_provider_registry_init,

@ -112,6 +112,17 @@ grpc_proto_library(
well_known_protos = True, well_known_protos = True,
) )
grpc_proto_library(
name = "path_proto",
srcs = [
"path.proto",
],
well_known_protos = True,
deps = [
"string_proto",
],
)
grpc_proto_library( grpc_proto_library(
name = "listener_proto", name = "listener_proto",
srcs = [ srcs = [
@ -200,6 +211,7 @@ grpc_proto_library(
well_known_protos = True, well_known_protos = True,
deps = [ deps = [
"config_source_proto", "config_source_proto",
"extension_proto",
"protocol_proto", "protocol_proto",
"route_proto", "route_proto",
], ],
@ -291,6 +303,56 @@ grpc_proto_library(
], ],
) )
grpc_proto_library(
name = "metadata_proto",
srcs = [
"metadata.proto",
],
well_known_protos = True,
)
grpc_proto_library(
name = "expr_proto",
srcs = [
"expr.proto",
],
well_known_protos = True,
)
cc_library(
name = "expr_lib",
deps = ["expr_cc_proto"],
)
grpc_proto_library(
name = "rbac_proto",
srcs = [
"rbac.proto",
],
well_known_protos = True,
deps = [
"address_proto",
"expr_proto",
"extension_proto",
"metadata_proto",
"path_proto",
"range_proto",
"route_proto",
"string_proto",
],
)
grpc_proto_library(
name = "http_filter_rbac_proto",
srcs = [
"http_filter_rbac.proto",
],
well_known_protos = True,
deps = [
"rbac_proto",
],
)
py_proto_library( py_proto_library(
name = "csds_py_pb2", name = "csds_py_pb2",
deps = [":_csds_proto_only"], deps = [":_csds_proto_only"],

@ -0,0 +1,23 @@
// Copyright 2021 The gRPC Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// TODO(yashykt) : Figure out how to not need this
syntax = "proto3";
package google.api.expr.v1alpha1;
message Expr {}
message CheckedExpr {}

@ -21,6 +21,7 @@ package envoy.extensions.filters.network.http_connection_manager.v3;
import "google/protobuf/any.proto"; import "google/protobuf/any.proto";
import "src/proto/grpc/testing/xds/v3/config_source.proto"; import "src/proto/grpc/testing/xds/v3/config_source.proto";
import "src/proto/grpc/testing/xds/v3/extension.proto";
import "src/proto/grpc/testing/xds/v3/protocol.proto"; import "src/proto/grpc/testing/xds/v3/protocol.proto";
import "src/proto/grpc/testing/xds/v3/route.proto"; import "src/proto/grpc/testing/xds/v3/route.proto";
@ -50,6 +51,32 @@ message HttpConnectionManager {
// Additional settings for HTTP requests handled by the connection manager. These will be // Additional settings for HTTP requests handled by the connection manager. These will be
// applicable to both HTTP1 and HTTP2 requests. // applicable to both HTTP1 and HTTP2 requests.
config.core.v3.HttpProtocolOptions common_http_protocol_options = 35; config.core.v3.HttpProtocolOptions common_http_protocol_options = 35;
// The number of additional ingress proxy hops from the right side of the
// :ref:`config_http_conn_man_headers_x-forwarded-for` HTTP header to trust when
// determining the origin client's IP address. The default is zero if this option
// is not specified. See the documentation for
// :ref:`config_http_conn_man_headers_x-forwarded-for` for more information.
uint32 xff_num_trusted_hops = 19;
// The configuration for the original IP detection extensions.
//
// When configured the extensions will be called along with the request headers
// and information about the downstream connection, such as the directly connected address.
// Each extension will then use these parameters to decide the request's effective remote address.
// If an extension fails to detect the original IP address and isn't configured to reject
// the request, the HCM will try the remaining extensions until one succeeds or rejects
// the request. If the request isn't rejected nor any extension succeeds, the HCM will
// fallback to using the remote address.
//
// .. WARNING::
// Extensions cannot be used in conjunction with :ref:`use_remote_address
// <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.use_remote_address>`
// nor :ref:`xff_num_trusted_hops
// <envoy_v3_api_field_extensions.filters.network.http_connection_manager.v3.HttpConnectionManager.xff_num_trusted_hops>`.
//
// [#extension-category: envoy.http.original_ip_detection]
repeated config.core.v3.TypedExtensionConfig original_ip_detection_extensions = 46;
} }
message Rds { message Rds {

@ -0,0 +1,41 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Local copy of Envoy xDS proto file, used for testing only.
syntax = "proto3";
package envoy.extensions.filters.http.rbac.v3;
import "src/proto/grpc/testing/xds/v3/rbac.proto";
// [#protodoc-title: RBAC]
// Role-Based Access Control :ref:`configuration overview <config_http_filters_rbac>`.
// [#extension: envoy.filters.http.rbac]
// RBAC filter config.
message RBAC {
// Specify the RBAC rules to be applied globally.
// If absent, no enforcing RBAC policy will be applied.
// If present and empty, DENY.
config.rbac.v3.RBAC rules = 1;
}
message RBACPerRoute {
// Override the global configuration of the filter with this new config.
// If absent, the global RBAC policy will be disabled for this route.
RBAC rbac = 2;
}

@ -0,0 +1,84 @@
// Copyright 2021 The gRPC Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// Local copy of Envoy xDS proto file, used for testing only.
syntax = "proto3";
package envoy.type.matcher.v3;
// [#protodoc-title: Metadata matcher]
// MetadataMatcher provides a general interface to check if a given value is matched in
// :ref:`Metadata <envoy_v3_api_msg_config.core.v3.Metadata>`. It uses `filter` and `path` to retrieve the value
// from the Metadata and then check if it's matched to the specified value.
//
// For example, for the following Metadata:
//
// .. code-block:: yaml
//
// filter_metadata:
// envoy.filters.http.rbac:
// fields:
// a:
// struct_value:
// fields:
// b:
// struct_value:
// fields:
// c:
// string_value: pro
// t:
// list_value:
// values:
// - string_value: m
// - string_value: n
//
// The following MetadataMatcher is matched as the path [a, b, c] will retrieve a string value "pro"
// from the Metadata which is matched to the specified prefix match.
//
// .. code-block:: yaml
//
// filter: envoy.filters.http.rbac
// path:
// - key: a
// - key: b
// - key: c
// value:
// string_match:
// prefix: pr
//
// The following MetadataMatcher is matched as the code will match one of the string values in the
// list at the path [a, t].
//
// .. code-block:: yaml
//
// filter: envoy.filters.http.rbac
// path:
// - key: a
// - key: t
// value:
// list_match:
// one_of:
// string_match:
// exact: m
//
// An example use of MetadataMatcher is specifying additional metadata in envoy.filters.http.rbac to
// enforce access control based on dynamic metadata in a request. See :ref:`Permission
// <envoy_v3_api_msg_config.rbac.v3.Permission>` and :ref:`Principal
// <envoy_v3_api_msg_config.rbac.v3.Principal>`.
// [#next-major-version: MetadataMatcher should use StructMatcher]
message MetadataMatcher {
}

@ -0,0 +1,35 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Local copy of Envoy xDS proto file, used for testing only.
syntax = "proto3";
package envoy.type.matcher.v3;
import "src/proto/grpc/testing/xds/v3/string.proto";
// [#protodoc-title: Path matcher]
// Specifies the way to match a path on HTTP request.
message PathMatcher {
oneof rule {
// The `path` must match the URL path portion of the :path header. The query and fragment
// string (if present) are removed in the URL path portion.
// For example, the path */data* will match the *:path* header */data#fragment?param=value*.
StringMatcher path = 1;
}
}

@ -29,3 +29,13 @@ message Int64Range {
// end of the range (exclusive) // end of the range (exclusive)
int64 end = 2; int64 end = 2;
} }
// Specifies the int32 start and end of the range using half-open interval semantics [start,
// end).
message Int32Range {
// start of the range (inclusive)
int32 start = 1;
// end of the range (exclusive)
int32 end = 2;
}

@ -0,0 +1,293 @@
//
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Local copy of Envoy xDS proto file, used for testing only.
syntax = "proto3";
package envoy.config.rbac.v3;
import "src/proto/grpc/testing/xds/v3/address.proto";
import "src/proto/grpc/testing/xds/v3/extension.proto";
import "src/proto/grpc/testing/xds/v3/route.proto";
import "src/proto/grpc/testing/xds/v3/metadata.proto";
import "src/proto/grpc/testing/xds/v3/path.proto";
import "src/proto/grpc/testing/xds/v3/string.proto";
import "src/proto/grpc/testing/xds/v3/range.proto";
import "src/proto/grpc/testing/xds/v3/expr.proto";
// [#protodoc-title: Role Based Access Control (RBAC)]
// Role Based Access Control (RBAC) provides service-level and method-level access control for a
// service. Requests are allowed or denied based on the `action` and whether a matching policy is
// found. For instance, if the action is ALLOW and a matching policy is found the request should be
// allowed.
//
// RBAC can also be used to make access logging decisions by communicating with access loggers
// through dynamic metadata. When the action is LOG and at least one policy matches, the
// `access_log_hint` value in the shared key namespace 'envoy.common' is set to `true` indicating
// the request should be logged.
//
// Here is an example of RBAC configuration. It has two policies:
//
// * Service account "cluster.local/ns/default/sa/admin" has full access to the service, and so
// does "cluster.local/ns/default/sa/superuser".
//
// * Any user can read ("GET") the service at paths with prefix "/products", so long as the
// destination port is either 80 or 443.
//
// .. code-block:: yaml
//
// action: ALLOW
// policies:
// "service-admin":
// permissions:
// - any: true
// principals:
// - authenticated:
// principal_name:
// exact: "cluster.local/ns/default/sa/admin"
// - authenticated:
// principal_name:
// exact: "cluster.local/ns/default/sa/superuser"
// "product-viewer":
// permissions:
// - and_rules:
// rules:
// - header:
// name: ":method"
// string_match:
// exact: "GET"
// - url_path:
// path: { prefix: "/products" }
// - or_rules:
// rules:
// - destination_port: 80
// - destination_port: 443
// principals:
// - any: true
//
message RBAC {
// Should we do safe-list or block-list style access control?
enum Action {
// The policies grant access to principals. The rest are denied. This is safe-list style
// access control. This is the default type.
ALLOW = 0;
// The policies deny access to principals. The rest are allowed. This is block-list style
// access control.
DENY = 1;
// The policies set the `access_log_hint` dynamic metadata key based on if requests match.
// All requests are allowed.
LOG = 2;
}
// The action to take if a policy matches. Every action either allows or denies a request,
// and can also carry out action-specific operations.
//
// Actions:
//
// * ALLOW: Allows the request if and only if there is a policy that matches
// the request.
// * DENY: Allows the request if and only if there are no policies that
// match the request.
// * LOG: Allows all requests. If at least one policy matches, the dynamic
// metadata key `access_log_hint` is set to the value `true` under the shared
// key namespace 'envoy.common'. If no policies match, it is set to `false`.
// Other actions do not modify this key.
//
Action action = 1;
// Maps from policy name to policy. A match occurs when at least one policy matches the request.
// The policies are evaluated in lexicographic order of the policy name.
map<string, Policy> policies = 2;
}
// Policy specifies a role and the principals that are assigned/denied the role.
// A policy matches if and only if at least one of its permissions match the
// action taking place AND at least one of its principals match the downstream
// AND the condition is true if specified.
message Policy {
// Required. The set of permissions that define a role. Each permission is
// matched with OR semantics. To match all actions for this policy, a single
// Permission with the `any` field set to true should be used.
repeated Permission permissions = 1;
// Required. The set of principals that are assigned/denied the role based on
// action. Each principal is matched with OR semantics. To match all
// downstreams for this policy, a single Principal with the `any` field set to
// true should be used.
repeated Principal principals = 2;
// An optional symbolic expression specifying an access control
// :ref:`condition <arch_overview_condition>`. The condition is combined
// with the permissions and the principals as a clause with AND semantics.
// Only be used when checked_condition is not used.
google.api.expr.v1alpha1.Expr condition = 3;
// [#not-implemented-hide:]
// An optional symbolic expression that has been successfully type checked.
// Only be used when condition is not used.
google.api.expr.v1alpha1.CheckedExpr checked_condition = 4;
}
// Permission defines an action (or actions) that a principal can take.
// [#next-free-field: 13]
message Permission {
// Used in the `and_rules` and `or_rules` fields in the `rule` oneof. Depending on the context,
// each are applied with the associated behavior.
message Set {
repeated Permission rules = 1;
}
oneof rule {
// A set of rules that all must match in order to define the action.
Set and_rules = 1;
// A set of rules where at least one must match in order to define the action.
Set or_rules = 2;
// When any is set, it matches any action.
bool any = 3;
// A header (or pseudo-header such as :path or :method) on the incoming HTTP request. Only
// available for HTTP request.
// Note: the pseudo-header :path includes the query and fragment string. Use the `url_path`
// field if you want to match the URL path without the query and fragment string.
route.v3.HeaderMatcher header = 4;
// A URL path on the incoming HTTP request. Only available for HTTP.
type.matcher.v3.PathMatcher url_path = 10;
// A CIDR block that describes the destination IP.
core.v3.CidrRange destination_ip = 5;
// A port number that describes the destination port connecting to.
uint32 destination_port = 6;
// A port number range that describes a range of destination ports connecting to.
type.v3.Int32Range destination_port_range = 11;
// Metadata that describes additional information about the action.
type.matcher.v3.MetadataMatcher metadata = 7;
// Negates matching the provided permission. For instance, if the value of
// `not_rule` would match, this permission would not match. Conversely, if
// the value of `not_rule` would not match, this permission would match.
Permission not_rule = 8;
// The request server from the client's connection request. This is
// typically TLS SNI.
//
// .. attention::
//
// The behavior of this field may be affected by how Envoy is configured
// as explained below.
//
// * If the :ref:`TLS Inspector <config_listener_filters_tls_inspector>`
// filter is not added, and if a `FilterChainMatch` is not defined for
// the :ref:`server name
// <envoy_v3_api_field_config.listener.v3.FilterChainMatch.server_names>`,
// a TLS connection's requested SNI server name will be treated as if it
// wasn't present.
//
// * A :ref:`listener filter <arch_overview_listener_filters>` may
// overwrite a connection's requested server name within Envoy.
//
// Please refer to :ref:`this FAQ entry <faq_how_to_setup_sni>` to learn to
// setup SNI.
type.matcher.v3.StringMatcher requested_server_name = 9;
// Extension for configuring custom matchers for RBAC.
// [#extension-category: envoy.rbac.matchers]
core.v3.TypedExtensionConfig matcher = 12;
}
}
// Principal defines an identity or a group of identities for a downstream
// subject.
// [#next-free-field: 12]
message Principal {
// Used in the `and_ids` and `or_ids` fields in the `identifier` oneof.
// Depending on the context, each are applied with the associated behavior.
message Set {
repeated Principal ids = 1;
}
// Authentication attributes for a downstream.
message Authenticated {
reserved 1;
// The name of the principal. If set, The URI SAN or DNS SAN in that order
// is used from the certificate, otherwise the subject field is used. If
// unset, it applies to any user that is authenticated.
type.matcher.v3.StringMatcher principal_name = 2;
}
oneof identifier {
// A set of identifiers that all must match in order to define the
// downstream.
Set and_ids = 1;
// A set of identifiers at least one must match in order to define the
// downstream.
Set or_ids = 2;
// When any is set, it matches any downstream.
bool any = 3;
// Authenticated attributes that identify the downstream.
Authenticated authenticated = 4;
// A CIDR block that describes the downstream IP.
// This address will honor proxy protocol, but will not honor XFF.
core.v3.CidrRange source_ip = 5;
// A CIDR block that describes the downstream remote/origin address.
// Note: This is always the physical peer even if the
// :ref:`remote_ip <envoy_v3_api_field_config.rbac.v3.Principal.remote_ip>` is
// inferred from for example the x-forwarder-for header, proxy protocol,
// etc.
core.v3.CidrRange direct_remote_ip = 10;
// A CIDR block that describes the downstream remote/origin address.
// Note: This may not be the physical peer and could be different from the
// :ref:`direct_remote_ip
// <envoy_v3_api_field_config.rbac.v3.Principal.direct_remote_ip>`. E.g, if the
// remote ip is inferred from for example the x-forwarder-for header, proxy
// protocol, etc.
core.v3.CidrRange remote_ip = 11;
// A header (or pseudo-header such as :path or :method) on the incoming HTTP
// request. Only available for HTTP request. Note: the pseudo-header :path
// includes the query and fragment string. Use the `url_path` field if you
// want to match the URL path without the query and fragment string.
route.v3.HeaderMatcher header = 6;
// A URL path on the incoming HTTP request. Only available for HTTP.
type.matcher.v3.PathMatcher url_path = 9;
// Metadata that describes additional information about the principal.
type.matcher.v3.MetadataMatcher metadata = 7;
// Negates matching the provided principal. For instance, if the value of
// `not_id` would match, this principal would not match. Conversely, if the
// value of `not_id` would not match, this principal would match.
Principal not_id = 8;
}
}

@ -89,6 +89,8 @@ CORE_SOURCE_FILES = [
'src/core/ext/filters/http/server/http_server_filter.cc', 'src/core/ext/filters/http/server/http_server_filter.cc',
'src/core/ext/filters/max_age/max_age_filter.cc', 'src/core/ext/filters/max_age/max_age_filter.cc',
'src/core/ext/filters/message_size/message_size_filter.cc', 'src/core/ext/filters/message_size/message_size_filter.cc',
'src/core/ext/filters/rbac/rbac_filter.cc',
'src/core/ext/filters/rbac/rbac_service_config_parser.cc',
'src/core/ext/filters/server_config_selector/server_config_selector.cc', 'src/core/ext/filters/server_config_selector/server_config_selector.cc',
'src/core/ext/filters/server_config_selector/server_config_selector_filter.cc', 'src/core/ext/filters/server_config_selector/server_config_selector_filter.cc',
'src/core/ext/service_config/service_config.cc', 'src/core/ext/service_config/service_config.cc',
@ -170,6 +172,7 @@ CORE_SOURCE_FILES = [
'src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c', 'src/core/ext/upb-generated/envoy/extensions/clusters/aggregate/v3/cluster.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c', 'src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c', 'src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c', 'src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c',
'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c', 'src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c',
'src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c', 'src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c',
@ -270,6 +273,7 @@ CORE_SOURCE_FILES = [
'src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/config/listener/v3/udp_listener_config.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/config/route/v3/scoped_route.upbdefs.c',
@ -277,6 +281,7 @@ CORE_SOURCE_FILES = [
'src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/extensions/clusters/aggregate/v3/cluster.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/extensions/transport_sockets/tls/v3/cert.upbdefs.c',
@ -308,6 +313,11 @@ CORE_SOURCE_FILES = [
'src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/type/v3/range.upbdefs.c',
'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c', 'src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c', 'src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c',
'src/core/ext/upbdefs-generated/google/api/http.upbdefs.c', 'src/core/ext/upbdefs-generated/google/api/http.upbdefs.c',
'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c', 'src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c',
'src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c', 'src/core/ext/upbdefs-generated/google/protobuf/descriptor.upbdefs.c',
@ -345,6 +355,7 @@ CORE_SOURCE_FILES = [
'src/core/ext/xds/xds_endpoint.cc', 'src/core/ext/xds/xds_endpoint.cc',
'src/core/ext/xds/xds_http_fault_filter.cc', 'src/core/ext/xds/xds_http_fault_filter.cc',
'src/core/ext/xds/xds_http_filters.cc', 'src/core/ext/xds/xds_http_filters.cc',
'src/core/ext/xds/xds_http_rbac_filter.cc',
'src/core/ext/xds/xds_listener.cc', 'src/core/ext/xds/xds_listener.cc',
'src/core/ext/xds/xds_resource_type.cc', 'src/core/ext/xds/xds_resource_type.cc',
'src/core/ext/xds/xds_route_config.cc', 'src/core/ext/xds/xds_route_config.cc',
@ -531,6 +542,9 @@ CORE_SOURCE_FILES = [
'src/core/lib/resource_quota/trace.cc', 'src/core/lib/resource_quota/trace.cc',
'src/core/lib/security/authorization/authorization_policy_provider_vtable.cc', 'src/core/lib/security/authorization/authorization_policy_provider_vtable.cc',
'src/core/lib/security/authorization/evaluate_args.cc', 'src/core/lib/security/authorization/evaluate_args.cc',
'src/core/lib/security/authorization/grpc_authorization_engine.cc',
'src/core/lib/security/authorization/matchers.cc',
'src/core/lib/security/authorization/rbac_policy.cc',
'src/core/lib/security/authorization/sdk_server_authz_filter.cc', 'src/core/lib/security/authorization/sdk_server_authz_filter.cc',
'src/core/lib/security/context/security_context.cc', 'src/core/lib/security/context/security_context.cc',
'src/core/lib/security/credentials/alts/alts_credentials.cc', 'src/core/lib/security/credentials/alts/alts_credentials.cc',

@ -0,0 +1,33 @@
# Copyright 2021 gRPC authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
load("//bazel:grpc_build_system.bzl", "grpc_cc_test", "grpc_package")
licenses(["notice"])
grpc_package(name = "test/core/ext/filters/rbac")
grpc_cc_test(
name = "rbac_service_config_parser_test",
srcs = ["rbac_service_config_parser_test.cc"],
external_deps = [
"gtest",
],
language = "c++",
uses_polling = False,
deps = [
"//:grpc_rbac_filter",
"//test/core/util:grpc_test_util",
],
)

@ -0,0 +1,652 @@
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "src/core/ext/filters/rbac/rbac_service_config_parser.h"
#include <gmock/gmock-matchers.h>
#include <gmock/gmock.h>
#include <gtest/gtest.h>
#include "src/core/ext/service_config/service_config.h"
#include "test/core/util/test_config.h"
// A regular expression to enter referenced or child errors.
#ifdef GRPC_ERROR_IS_ABSEIL_STATUS
#define CHILD_ERROR_TAG ".*children.*"
#else
#define CHILD_ERROR_TAG ".*referenced_errors.*"
#endif
namespace grpc_core {
namespace testing {
namespace {
// Test basic parsing of RBAC policy
TEST(RbacServiceConfigParsingTest, EmptyRbacPolicy) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [ {\n"
" } ]"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
const auto* vector_ptr =
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
ASSERT_NE(vector_ptr, nullptr);
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
ASSERT_NE(parsed_rbac_config, nullptr);
ASSERT_NE(parsed_rbac_config->authorization_engine(0), nullptr);
EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->action(),
Rbac::Action::kDeny);
EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->num_policies(), 0);
}
// Test that RBAC policies are not parsed if the channel arg
// GRPC_ARG_PARSE_RBAC_METHOD_CONFIG is not present
TEST(RbacServiceConfigParsingTest, MissingChannelArg) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [ {\n"
" } ]"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
auto svc_cfg = ServiceConfig::Create(nullptr, test_json, &error);
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
const auto* vector_ptr =
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
ASSERT_NE(vector_ptr, nullptr);
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
ASSERT_EQ(parsed_rbac_config, nullptr);
}
// Test an empty rbacPolicy array
TEST(RbacServiceConfigParsingTest, EmptyRbacPolicyArray) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": []"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
const auto* vector_ptr =
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
ASSERT_NE(vector_ptr, nullptr);
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
ASSERT_EQ(parsed_rbac_config, nullptr);
}
// Test presence of multiple RBAC policies in the array
TEST(RbacServiceConfigParsingTest, MultipleRbacPolicies) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [ {}, {}, {} ]"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
const auto* vector_ptr =
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
ASSERT_NE(vector_ptr, nullptr);
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
ASSERT_NE(parsed_rbac_config, nullptr);
for (auto i = 0; i < 3; ++i) {
ASSERT_NE(parsed_rbac_config->authorization_engine(i), nullptr);
EXPECT_EQ(parsed_rbac_config->authorization_engine(i)->action(),
Rbac::Action::kDeny);
EXPECT_EQ(parsed_rbac_config->authorization_engine(i)->num_policies(), 0);
}
}
TEST(RbacServiceConfigParsingTest, BadRbacPolicyType) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": 1234"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
EXPECT_THAT(
grpc_error_std_string(error),
::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG
"field:rbacPolicy error:type should be ARRAY"));
GRPC_ERROR_UNREF(error);
}
TEST(RbacServiceConfigParsingTest, BadRulesType) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\"rules\":1}]"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
EXPECT_THAT(
grpc_error_std_string(error),
::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG
"rbacPolicy\\[0\\]" CHILD_ERROR_TAG
"field:rules error:type should be OBJECT"));
GRPC_ERROR_UNREF(error);
}
TEST(RbacServiceConfigParsingTest, BadActionAndPolicyType) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":{},\n"
" \"policies\":123\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
EXPECT_THAT(
grpc_error_std_string(error),
::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG
"rbacPolicy\\[0\\]" CHILD_ERROR_TAG
"field:action error:type should be NUMBER.*"
"field:policies error:type should be OBJECT"));
GRPC_ERROR_UNREF(error);
}
TEST(RbacServiceConfigParsingTest, MissingPermissionAndPrincipals) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":1,\n"
" \"policies\":{\n"
" \"policy\":{\n"
" }\n"
" }\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
EXPECT_THAT(
grpc_error_std_string(error),
::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG
"rbacPolicy\\[0\\]" CHILD_ERROR_TAG
"policies key:'policy'" CHILD_ERROR_TAG
"field:permissions error:does not exist.*"
"field:principals error:does not exist"));
GRPC_ERROR_UNREF(error);
}
TEST(RbacServiceConfigParsingTest, EmptyPrincipalAndPermission) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":1,\n"
" \"policies\":{\n"
" \"policy\":{\n"
" \"permissions\":[{}],\n"
" \"principals\":[{}]\n"
" }\n"
" }\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
EXPECT_THAT(
grpc_error_std_string(error),
::testing::ContainsRegex(
"Rbac parser" CHILD_ERROR_TAG "rbacPolicy\\[0\\]" CHILD_ERROR_TAG
"policies key:'policy'" CHILD_ERROR_TAG
"permissions\\[0\\]" CHILD_ERROR_TAG "No valid rule found.*"
"principals\\[0\\]" CHILD_ERROR_TAG "No valid id found"));
GRPC_ERROR_UNREF(error);
}
TEST(RbacServiceConfigParsingTest, VariousPermissionsAndPrincipalsTypes) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":1,\n"
" \"policies\":{\n"
" \"policy\":{\n"
" \"permissions\":[\n"
" {\"andRules\":{\"rules\":[{\"any\":true}]}},\n"
" {\"orRules\":{\"rules\":[{\"any\":true}]}},\n"
" {\"any\":true},\n"
" {\"header\":{\"name\":\"name\", \"exactMatch\":\"\"}},\n"
" {\"urlPath\":{\"path\":{\"exact\":\"\"}}},\n"
" {\"destinationIp\":{\"addressPrefix\":\"::1\"}},\n"
" {\"destinationPort\":1234},\n"
" {\"notRule\":{\"any\":true}},\n"
" {\"requestedServerName\":{\"exact\":\"\"}}\n"
" ],\n"
" \"principals\":[\n"
" {\"andIds\":{\"ids\":[{\"any\":true}]}},\n"
" {\"orIds\":{\"ids\":[{\"any\":true}]}},\n"
" {\"any\":true},\n"
" {\"authenticated\":{\n"
" \"principalName\":{\"exact\":\"\"}}},\n"
" {\"sourceIp\":{\"addressPrefix\":\"::1\"}},\n"
" {\"directRemoteIp\":{\"addressPrefix\":\"::1\"}},\n"
" {\"remoteIp\":{\"addressPrefix\":\"::1\"}},\n"
" {\"header\":{\"name\":\"name\", \"exactMatch\":\"\"}},\n"
" {\"urlPath\":{\"path\":{\"exact\":\"\"}}},\n"
" {\"notId\":{\"any\":true}}\n"
" ]\n"
" }\n"
" }\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
const auto* vector_ptr =
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
ASSERT_NE(vector_ptr, nullptr);
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
ASSERT_NE(parsed_rbac_config, nullptr);
ASSERT_NE(parsed_rbac_config->authorization_engine(0), nullptr);
EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->num_policies(), 1);
}
TEST(RbacServiceConfigParsingTest, VariousPermissionsAndPrincipalsBadTypes) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":1,\n"
" \"policies\":{\n"
" \"policy\":{\n"
" \"permissions\":[\n"
" {\"andRules\":1234},\n"
" {\"orRules\":1234},\n"
" {\"any\":1234},\n"
" {\"header\":1234},\n"
" {\"urlPath\":1234},\n"
" {\"destinationIp\":1234},\n"
" {\"destinationPort\":\"port\"},\n"
" {\"notRule\":1234},\n"
" {\"requestedServerName\":1234}\n"
" ],\n"
" \"principals\":[\n"
" {\"andIds\":1234},\n"
" {\"orIds\":1234},\n"
" {\"any\":1234},\n"
" {\"authenticated\":1234},\n"
" {\"sourceIp\":1234},\n"
" {\"directRemoteIp\":1234},\n"
" {\"remoteIp\":1234},\n"
" {\"header\":1234},\n"
" {\"urlPath\":1234},\n"
" {\"notId\":1234}\n"
" ]\n"
" }\n"
" }\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
EXPECT_THAT(
grpc_error_std_string(error),
::testing::ContainsRegex(
"Rbac parser" CHILD_ERROR_TAG "rbacPolicy\\[0\\]" CHILD_ERROR_TAG
"policies key:'policy'" CHILD_ERROR_TAG
"permissions\\[0\\]" CHILD_ERROR_TAG
"field:andRules error:type should be OBJECT.*"
"permissions\\[1\\]" CHILD_ERROR_TAG
"field:orRules error:type should be OBJECT.*"
"permissions\\[2\\]" CHILD_ERROR_TAG
"field:any error:type should be BOOLEAN.*"
"permissions\\[3\\]" CHILD_ERROR_TAG
"field:header error:type should be OBJECT.*"
"permissions\\[4\\]" CHILD_ERROR_TAG
"field:urlPath error:type should be OBJECT.*"
"permissions\\[5\\]" CHILD_ERROR_TAG
"field:destinationIp error:type should be OBJECT.*"
"permissions\\[6\\]" CHILD_ERROR_TAG
"field:destinationPort error:type should be NUMBER.*"
"permissions\\[7\\]" CHILD_ERROR_TAG
"field:notRule error:type should be OBJECT.*"
"permissions\\[8\\]" CHILD_ERROR_TAG
"field:requestedServerName error:type should be OBJECT.*"
"principals\\[0\\]" CHILD_ERROR_TAG
"field:andIds error:type should be OBJECT.*"
"principals\\[1\\]" CHILD_ERROR_TAG
"field:orIds error:type should be OBJECT.*"
"principals\\[2\\]" CHILD_ERROR_TAG
"field:any error:type should be BOOLEAN.*"
"principals\\[3\\]" CHILD_ERROR_TAG
"field:authenticated error:type should be OBJECT.*"
"principals\\[4\\]" CHILD_ERROR_TAG
"field:sourceIp error:type should be OBJECT.*"
"principals\\[5\\]" CHILD_ERROR_TAG
"field:directRemoteIp error:type should be OBJECT.*"
"principals\\[6\\]" CHILD_ERROR_TAG
"field:remoteIp error:type should be OBJECT.*"
"principals\\[7\\]" CHILD_ERROR_TAG
"field:header error:type should be OBJECT.*"
"principals\\[8\\]" CHILD_ERROR_TAG
"field:urlPath error:type should be OBJECT.*"
"principals\\[9\\]" CHILD_ERROR_TAG
"field:notId error:type should be OBJECT.*"));
GRPC_ERROR_UNREF(error);
}
TEST(RbacServiceConfigParsingTest, HeaderMatcherVariousTypes) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":1,\n"
" \"policies\":{\n"
" \"policy\":{\n"
" \"permissions\":[\n"
" {\"header\":{\"name\":\"name\", \"exactMatch\":\"\", \n"
" \"invertMatch\":true}},\n"
" {\"header\":{\"name\":\"name\", \"safeRegexMatch\":{\n"
" \"regex\":\"\"}}},\n"
" {\"header\":{\"name\":\"name\", \"rangeMatch\":{\n"
" \"start\":0, \"end\":1}}},\n"
" {\"header\":{\"name\":\"name\", \"presentMatch\":true}},\n"
" {\"header\":{\"name\":\"name\", \"prefixMatch\":\"\"}},\n"
" {\"header\":{\"name\":\"name\", \"suffixMatch\":\"\"}},\n"
" {\"header\":{\"name\":\"name\", \"containsMatch\":\"\"}}\n"
" ],\n"
" \"principals\":[]\n"
" }\n"
" }\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
const auto* vector_ptr =
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
ASSERT_NE(vector_ptr, nullptr);
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
ASSERT_NE(parsed_rbac_config, nullptr);
ASSERT_NE(parsed_rbac_config->authorization_engine(0), nullptr);
EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->num_policies(), 1);
}
TEST(RbacServiceConfigParsingTest, HeaderMatcherBadTypes) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":1,\n"
" \"policies\":{\n"
" \"policy\":{\n"
" \"permissions\":[\n"
" {\"header\":{\"name\":\"name\", \"exactMatch\":1, \n"
" \"invertMatch\":1}},\n"
" {\"header\":{\"name\":\"name\", \"safeRegexMatch\":1}},\n"
" {\"header\":{\"name\":\"name\", \"rangeMatch\":1}},\n"
" {\"header\":{\"name\":\"name\", \"presentMatch\":1}},\n"
" {\"header\":{\"name\":\"name\", \"prefixMatch\":1}},\n"
" {\"header\":{\"name\":\"name\", \"suffixMatch\":1}},\n"
" {\"header\":{\"name\":\"name\", \"containsMatch\":1}}\n"
" ],\n"
" \"principals\":[]\n"
" }\n"
" }\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
EXPECT_THAT(
grpc_error_std_string(error),
::testing::ContainsRegex(
"Rbac parser" CHILD_ERROR_TAG "rbacPolicy\\[0\\]" CHILD_ERROR_TAG
"policies key:'policy'" CHILD_ERROR_TAG
"permissions\\[0\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
"field:invertMatch error:type should be BOOLEAN.*"
"field:exactMatch error:type should be STRING.*"
"permissions\\[1\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
"field:safeRegexMatch error:type should be OBJECT.*"
"permissions\\[2\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
"field:rangeMatch error:type should be OBJECT.*"
"permissions\\[3\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
"field:presentMatch error:type should be BOOLEAN.*"
"permissions\\[4\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
"field:prefixMatch error:type should be STRING.*"
"permissions\\[5\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
"field:suffixMatch error:type should be STRING.*"
"permissions\\[6\\]" CHILD_ERROR_TAG "header" CHILD_ERROR_TAG
"field:containsMatch error:type should be STRING.*"));
GRPC_ERROR_UNREF(error);
}
TEST(RbacServiceConfigParsingTest, StringMatcherVariousTypes) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":1,\n"
" \"policies\":{\n"
" \"policy\":{\n"
" \"permissions\":[\n"
" {\"requestedServerName\":{\"exact\":\"\", \n"
" \"ignoreCase\":true}},\n"
" {\"requestedServerName\":{\"prefix\":\"\"}},\n"
" {\"requestedServerName\":{\"suffix\":\"\"}},\n"
" {\"requestedServerName\":{\"safeRegex\":{\n"
" \"regex\":\"\"}}},\n"
" {\"requestedServerName\":{\"contains\":\"\"}}\n"
" ],\n"
" \"principals\":[]\n"
" }\n"
" }\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
ASSERT_EQ(error, GRPC_ERROR_NONE) << grpc_error_std_string(error);
const auto* vector_ptr =
svc_cfg->GetMethodParsedConfigVector(grpc_empty_slice());
ASSERT_NE(vector_ptr, nullptr);
auto* parsed_rbac_config = static_cast<RbacMethodParsedConfig*>(
((*vector_ptr)[RbacServiceConfigParser::ParserIndex()]).get());
ASSERT_NE(parsed_rbac_config, nullptr);
ASSERT_NE(parsed_rbac_config->authorization_engine(0), nullptr);
EXPECT_EQ(parsed_rbac_config->authorization_engine(0)->num_policies(), 1);
}
TEST(RbacServiceConfigParsingTest, StringMatcherBadTypes) {
const char* test_json =
"{\n"
" \"methodConfig\": [ {\n"
" \"name\": [\n"
" {}\n"
" ],\n"
" \"rbacPolicy\": [{\n"
" \"rules\":{\n"
" \"action\":1,\n"
" \"policies\":{\n"
" \"policy\":{\n"
" \"permissions\":[\n"
" {\"requestedServerName\":{\"exact\":1, \n"
" \"ignoreCase\":1}},\n"
" {\"requestedServerName\":{\"prefix\":1}},\n"
" {\"requestedServerName\":{\"suffix\":1}},\n"
" {\"requestedServerName\":{\"safeRegex\":1}},\n"
" {\"requestedServerName\":{\"contains\":1}}\n"
" ],\n"
" \"principals\":[]\n"
" }\n"
" }\n"
" }\n"
" } ]\n"
" } ]\n"
"}";
grpc_error_handle error = GRPC_ERROR_NONE;
grpc_arg arg = grpc_channel_arg_integer_create(
const_cast<char*>(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG), 1);
grpc_channel_args args = {1, &arg};
auto svc_cfg = ServiceConfig::Create(&args, test_json, &error);
EXPECT_THAT(
grpc_error_std_string(error),
::testing::ContainsRegex("Rbac parser" CHILD_ERROR_TAG
"rbacPolicy\\[0\\]" CHILD_ERROR_TAG
"policies key:'policy'" CHILD_ERROR_TAG
"permissions\\[0\\]" CHILD_ERROR_TAG
"requestedServerName" CHILD_ERROR_TAG
"field:ignoreCase error:type should be BOOLEAN.*"
"field:exact error:type should be STRING.*"
"permissions\\[1\\]" CHILD_ERROR_TAG
"requestedServerName" CHILD_ERROR_TAG
"field:prefix error:type should be STRING.*"
"permissions\\[2\\]" CHILD_ERROR_TAG
"requestedServerName" CHILD_ERROR_TAG
"field:suffix error:type should be STRING.*"
"permissions\\[3\\]" CHILD_ERROR_TAG
"requestedServerName" CHILD_ERROR_TAG
"field:safeRegex error:type should be OBJECT.*"
"permissions\\[4\\]" CHILD_ERROR_TAG
"requestedServerName" CHILD_ERROR_TAG
"field:contains error:type should be STRING.*"));
GRPC_ERROR_UNREF(error);
}
} // namespace
} // namespace testing
} // namespace grpc_core
int main(int argc, char** argv) {
grpc::testing::TestEnvironment env(argc, argv);
::testing::InitGoogleTest(&argc, argv);
grpc_init();
int ret = RUN_ALL_TESTS();
grpc_shutdown();
return ret;
}

@ -39,6 +39,8 @@ class TestServerConfigSelectorProvider : public ServerConfigSelectorProvider {
return absl::UnavailableError("Test ServerConfigSelector"); return absl::UnavailableError("Test ServerConfigSelector");
} }
void Orphan() override {}
void CancelWatch() override {} void CancelWatch() override {}
}; };

@ -89,6 +89,7 @@ grpc_cc_test(
"//src/proto/grpc/testing/xds/v3:fault_common_proto", "//src/proto/grpc/testing/xds/v3:fault_common_proto",
"//src/proto/grpc/testing/xds/v3:fault_proto", "//src/proto/grpc/testing/xds/v3:fault_proto",
"//src/proto/grpc/testing/xds/v3:http_connection_manager_proto", "//src/proto/grpc/testing/xds/v3:http_connection_manager_proto",
"//src/proto/grpc/testing/xds/v3:http_filter_rbac_proto",
"//src/proto/grpc/testing/xds/v3:listener_proto", "//src/proto/grpc/testing/xds/v3:listener_proto",
"//src/proto/grpc/testing/xds/v3:route_proto", "//src/proto/grpc/testing/xds/v3:route_proto",
"//src/proto/grpc/testing/xds/v3:router_proto", "//src/proto/grpc/testing/xds/v3:router_proto",

File diff suppressed because it is too large Load Diff

@ -86,6 +86,7 @@ proto_files=( \
"envoy/extensions/clusters/aggregate/v3/cluster.proto" \ "envoy/extensions/clusters/aggregate/v3/cluster.proto" \
"envoy/extensions/filters/common/fault/v3/fault.proto" \ "envoy/extensions/filters/common/fault/v3/fault.proto" \
"envoy/extensions/filters/http/fault/v3/fault.proto" \ "envoy/extensions/filters/http/fault/v3/fault.proto" \
"envoy/extensions/filters/http/rbac/v3/rbac.proto" \
"envoy/extensions/filters/http/router/v3/router.proto" \ "envoy/extensions/filters/http/router/v3/router.proto" \
"envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto" \ "envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto" \
"envoy/extensions/transport_sockets/tls/v3/cert.proto" \ "envoy/extensions/transport_sockets/tls/v3/cert.proto" \

@ -1182,6 +1182,10 @@ src/core/ext/filters/max_age/max_age_filter.cc \
src/core/ext/filters/max_age/max_age_filter.h \ src/core/ext/filters/max_age/max_age_filter.h \
src/core/ext/filters/message_size/message_size_filter.cc \ src/core/ext/filters/message_size/message_size_filter.cc \
src/core/ext/filters/message_size/message_size_filter.h \ src/core/ext/filters/message_size/message_size_filter.h \
src/core/ext/filters/rbac/rbac_filter.cc \
src/core/ext/filters/rbac/rbac_filter.h \
src/core/ext/filters/rbac/rbac_service_config_parser.cc \
src/core/ext/filters/rbac/rbac_service_config_parser.h \
src/core/ext/filters/server_config_selector/server_config_selector.cc \ src/core/ext/filters/server_config_selector/server_config_selector.cc \
src/core/ext/filters/server_config_selector/server_config_selector.h \ src/core/ext/filters/server_config_selector/server_config_selector.h \
src/core/ext/filters/server_config_selector/server_config_selector_filter.cc \ src/core/ext/filters/server_config_selector/server_config_selector_filter.cc \
@ -1377,6 +1381,8 @@ src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c
src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h \ src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h \
src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c \ src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h \ src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h \
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h \
src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c \ src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h \ src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h \
src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c \ src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c \
@ -1577,6 +1583,8 @@ src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h \ src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h \ src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h \ src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c \
@ -1591,6 +1599,8 @@ src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.up
src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h \ src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h \ src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h \ src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c \
@ -1653,6 +1663,16 @@ src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h \ src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c \ src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h \ src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/http.upbdefs.c \ src/core/ext/upbdefs-generated/google/api/http.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/http.upbdefs.h \ src/core/ext/upbdefs-generated/google/api/http.upbdefs.h \
src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c \ src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c \
@ -1730,6 +1750,8 @@ src/core/ext/xds/xds_http_fault_filter.cc \
src/core/ext/xds/xds_http_fault_filter.h \ src/core/ext/xds/xds_http_fault_filter.h \
src/core/ext/xds/xds_http_filters.cc \ src/core/ext/xds/xds_http_filters.cc \
src/core/ext/xds/xds_http_filters.h \ src/core/ext/xds/xds_http_filters.h \
src/core/ext/xds/xds_http_rbac_filter.cc \
src/core/ext/xds/xds_http_rbac_filter.h \
src/core/ext/xds/xds_listener.cc \ src/core/ext/xds/xds_listener.cc \
src/core/ext/xds/xds_listener.h \ src/core/ext/xds/xds_listener.h \
src/core/ext/xds/xds_resource_type.cc \ src/core/ext/xds/xds_resource_type.cc \
@ -2092,6 +2114,12 @@ src/core/lib/security/authorization/authorization_policy_provider.h \
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \ src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \
src/core/lib/security/authorization/evaluate_args.cc \ src/core/lib/security/authorization/evaluate_args.cc \
src/core/lib/security/authorization/evaluate_args.h \ src/core/lib/security/authorization/evaluate_args.h \
src/core/lib/security/authorization/grpc_authorization_engine.cc \
src/core/lib/security/authorization/grpc_authorization_engine.h \
src/core/lib/security/authorization/matchers.cc \
src/core/lib/security/authorization/matchers.h \
src/core/lib/security/authorization/rbac_policy.cc \
src/core/lib/security/authorization/rbac_policy.h \
src/core/lib/security/authorization/sdk_server_authz_filter.cc \ src/core/lib/security/authorization/sdk_server_authz_filter.cc \
src/core/lib/security/authorization/sdk_server_authz_filter.h \ src/core/lib/security/authorization/sdk_server_authz_filter.h \
src/core/lib/security/context/security_context.cc \ src/core/lib/security/context/security_context.cc \

@ -1006,6 +1006,10 @@ src/core/ext/filters/max_age/max_age_filter.cc \
src/core/ext/filters/max_age/max_age_filter.h \ src/core/ext/filters/max_age/max_age_filter.h \
src/core/ext/filters/message_size/message_size_filter.cc \ src/core/ext/filters/message_size/message_size_filter.cc \
src/core/ext/filters/message_size/message_size_filter.h \ src/core/ext/filters/message_size/message_size_filter.h \
src/core/ext/filters/rbac/rbac_filter.cc \
src/core/ext/filters/rbac/rbac_filter.h \
src/core/ext/filters/rbac/rbac_service_config_parser.cc \
src/core/ext/filters/rbac/rbac_service_config_parser.h \
src/core/ext/filters/server_config_selector/server_config_selector.cc \ src/core/ext/filters/server_config_selector/server_config_selector.cc \
src/core/ext/filters/server_config_selector/server_config_selector.h \ src/core/ext/filters/server_config_selector/server_config_selector.h \
src/core/ext/filters/server_config_selector/server_config_selector_filter.cc \ src/core/ext/filters/server_config_selector/server_config_selector_filter.cc \
@ -1171,6 +1175,8 @@ src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c
src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h \ src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h \
src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c \ src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h \ src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h \
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/rbac/v3/rbac.upb.h \
src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c \ src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c \
src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h \ src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h \
src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c \ src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c \
@ -1371,6 +1377,8 @@ src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h \ src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h \ src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/rbac/v3/rbac.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h \ src/core/ext/upbdefs-generated/envoy/config/route/v3/route.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c \
@ -1385,6 +1393,8 @@ src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.up
src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h \ src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h \ src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/rbac/v3/rbac.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h \ src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h \
src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c \ src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c \
@ -1447,6 +1457,16 @@ src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.c \
src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h \ src/core/ext/upbdefs-generated/envoy/type/v3/semantic_version.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c \ src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h \ src/core/ext/upbdefs-generated/google/api/annotations.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/checked.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/eval.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/explain.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/syntax.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/expr/v1alpha1/value.upbdefs.h \
src/core/ext/upbdefs-generated/google/api/http.upbdefs.c \ src/core/ext/upbdefs-generated/google/api/http.upbdefs.c \
src/core/ext/upbdefs-generated/google/api/http.upbdefs.h \ src/core/ext/upbdefs-generated/google/api/http.upbdefs.h \
src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c \ src/core/ext/upbdefs-generated/google/protobuf/any.upbdefs.c \
@ -1524,6 +1544,8 @@ src/core/ext/xds/xds_http_fault_filter.cc \
src/core/ext/xds/xds_http_fault_filter.h \ src/core/ext/xds/xds_http_fault_filter.h \
src/core/ext/xds/xds_http_filters.cc \ src/core/ext/xds/xds_http_filters.cc \
src/core/ext/xds/xds_http_filters.h \ src/core/ext/xds/xds_http_filters.h \
src/core/ext/xds/xds_http_rbac_filter.cc \
src/core/ext/xds/xds_http_rbac_filter.h \
src/core/ext/xds/xds_listener.cc \ src/core/ext/xds/xds_listener.cc \
src/core/ext/xds/xds_listener.h \ src/core/ext/xds/xds_listener.h \
src/core/ext/xds/xds_resource_type.cc \ src/core/ext/xds/xds_resource_type.cc \
@ -1891,6 +1913,12 @@ src/core/lib/security/authorization/authorization_policy_provider.h \
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \ src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \
src/core/lib/security/authorization/evaluate_args.cc \ src/core/lib/security/authorization/evaluate_args.cc \
src/core/lib/security/authorization/evaluate_args.h \ src/core/lib/security/authorization/evaluate_args.h \
src/core/lib/security/authorization/grpc_authorization_engine.cc \
src/core/lib/security/authorization/grpc_authorization_engine.h \
src/core/lib/security/authorization/matchers.cc \
src/core/lib/security/authorization/matchers.h \
src/core/lib/security/authorization/rbac_policy.cc \
src/core/lib/security/authorization/rbac_policy.h \
src/core/lib/security/authorization/sdk_server_authz_filter.cc \ src/core/lib/security/authorization/sdk_server_authz_filter.cc \
src/core/lib/security/authorization/sdk_server_authz_filter.h \ src/core/lib/security/authorization/sdk_server_authz_filter.h \
src/core/lib/security/context/security_context.cc \ src/core/lib/security/context/security_context.cc \

@ -5863,6 +5863,30 @@
], ],
"uses_polling": true "uses_polling": true
}, },
{
"args": [],
"benchmark": false,
"ci_platforms": [
"linux",
"mac",
"posix",
"windows"
],
"cpu_cost": 1.0,
"exclude_configs": [],
"exclude_iomgrs": [],
"flaky": false,
"gtest": true,
"language": "c++",
"name": "rbac_service_config_parser_test",
"platforms": [
"linux",
"mac",
"posix",
"windows"
],
"uses_polling": false
},
{ {
"args": [], "args": [],
"benchmark": false, "benchmark": false,

Loading…
Cancel
Save