Static policy provider implementation. (#26134)

Ashitha Santhosh 4 years ago committed by GitHub
parent 304262e135
commit b9a643a817
  1. 27
      BUILD
  2. 6
      BUILD.gn
  3. 103
      CMakeLists.txt
  4. 5
      Makefile
  5. 85
      build_autogenerated.yaml
  6. 3
      config.m4
  7. 3
      config.w32
  8. 7
      gRPC-C++.podspec
  9. 8
      gRPC-Core.podspec
  10. 3
      grpc.def
  11. 5
      grpc.gemspec
  12. 3
      grpc.gyp
  13. 8
      include/grpc/grpc.h
  14. 32
      include/grpc/grpc_security.h
  15. 4
      include/grpc/impl/codegen/grpc_types.h
  16. 67
      include/grpcpp/security/authorization_policy_provider.h
  17. 9
      include/grpcpp/server_builder.h
  18. 5
      package.xml
  19. 4
      src/core/lib/security/authorization/authorization_engine.h
  20. 32
      src/core/lib/security/authorization/authorization_policy_provider.h
  21. 24
      src/core/lib/security/authorization/authorization_policy_provider_null_vtable.cc
  22. 46
      src/core/lib/security/authorization/authorization_policy_provider_vtable.cc
  23. 2
      src/core/lib/security/authorization/grpc_authorization_engine.h
  24. 67
      src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
  25. 60
      src/core/lib/security/authorization/grpc_authorization_policy_provider.h
  26. 2
      src/core/lib/security/authorization/matchers.cc
  27. 45
      src/cpp/server/authorization_policy_provider.cc
  28. 11
      src/cpp/server/server_builder.cc
  29. 2
      src/python/grpcio/grpc_core_dependencies.py
  30. 6
      src/ruby/ext/grpc/rb_grpc_imports.generated.c
  31. 9
      src/ruby/ext/grpc/rb_grpc_imports.generated.h
  32. 16
      test/core/security/BUILD
  33. 62
      test/core/security/grpc_authorization_policy_provider_test.cc
  34. 1
      test/core/surface/BUILD
  35. 3
      test/core/surface/public_headers_must_be_c89.c
  36. 15
      test/cpp/server/BUILD
  37. 57
      test/cpp/server/authorization_policy_provider_test.cc
  38. 1
      tools/doxygen/Doxyfile.c++
  39. 6
      tools/doxygen/Doxyfile.c++.internal
  40. 5
      tools/doxygen/Doxyfile.core.internal
  41. 48
      tools/run_tests/generated/tests.json

27
BUILD

@ -264,6 +264,7 @@ GRPCXX_PUBLIC_HDRS = [
"include/grpcpp/security/credentials.h",
"include/grpcpp/security/server_credentials.h",
"include/grpcpp/security/tls_certificate_provider.h",
"include/grpcpp/security/authorization_policy_provider.h",
"include/grpcpp/security/tls_credentials_options.h",
"include/grpcpp/server.h",
"include/grpcpp/server_builder.h",
@ -306,6 +307,7 @@ grpc_cc_library(
grpc_cc_library(
name = "grpc_unsecure",
srcs = [
"src/core/lib/security/authorization/authorization_policy_provider_null_vtable.cc",
"src/core/lib/surface/init.cc",
"src/core/lib/surface/init_unsecure.cc",
"src/core/plugin_registry/grpc_unsecure_plugin_registry.cc",
@ -1945,6 +1947,8 @@ grpc_cc_library(
name = "grpc_secure",
srcs = [
"src/core/lib/http/httpcli_security_connector.cc",
"src/core/lib/security/authorization/authorization_policy_provider_vtable.cc",
"src/core/lib/security/authorization/evaluate_args.cc",
"src/core/lib/security/context/security_context.cc",
"src/core/lib/security/credentials/alts/alts_credentials.cc",
"src/core/lib/security/credentials/composite/composite_credentials.cc",
@ -1994,6 +1998,9 @@ grpc_cc_library(
hdrs = [
"src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.h",
"src/core/ext/xds/xds_channel_args.h",
"src/core/lib/security/authorization/authorization_engine.h",
"src/core/lib/security/authorization/authorization_policy_provider.h",
"src/core/lib/security/authorization/evaluate_args.h",
"src/core/lib/security/context/security_context.h",
"src/core/lib/security/credentials/alts/alts_credentials.h",
"src/core/lib/security/credentials/composite/composite_credentials.h",
@ -2086,14 +2093,11 @@ grpc_cc_library(
grpc_cc_library(
name = "grpc_rbac_engine",
srcs = [
"src/core/lib/security/authorization/evaluate_args.cc",
"src/core/lib/security/authorization/grpc_authorization_engine.cc",
"src/core/lib/security/authorization/matchers.cc",
"src/core/lib/security/authorization/rbac_policy.cc",
],
hdrs = [
"src/core/lib/security/authorization/authorization_engine.h",
"src/core/lib/security/authorization/evaluate_args.h",
"src/core/lib/security/authorization/grpc_authorization_engine.h",
"src/core/lib/security/authorization/matchers.h",
"src/core/lib/security/authorization/rbac_policy.h",
@ -2110,18 +2114,33 @@ grpc_cc_library(
grpc_cc_library(
name = "grpc_authorization_provider",
srcs = [
"src/core/lib/security/authorization/grpc_authorization_policy_provider.cc",
"src/core/lib/security/authorization/rbac_translator.cc",
],
hdrs = [
"src/core/lib/security/authorization/grpc_authorization_policy_provider.h",
"src/core/lib/security/authorization/rbac_translator.h",
],
language = "c++",
deps = [
"grpc_matchers",
"grpc_rbac_engine",
],
)
# This target pulls in a dependency on RE2 and should not be linked into grpc by default for binary-size reasons.
grpc_cc_library(
name = "grpc++_authorization_provider",
srcs = [
"src/cpp/server/authorization_policy_provider.cc",
],
language = "c++",
public_hdrs = GRPCXX_PUBLIC_HDRS + GRPC_SECURE_PUBLIC_HDRS,
deps = [
"grpc++_codegen_base",
"grpc_authorization_provider",
],
)
# This target pulls in a dependency on RE2 and should not be linked into grpc by default for binary-size reasons.
grpc_cc_library(
name = "grpc_cel_engine",

@ -1049,6 +1049,11 @@ config("grpc_config") {
"src/core/lib/json/json_writer.cc",
"src/core/lib/matchers/matchers.cc",
"src/core/lib/matchers/matchers.h",
"src/core/lib/security/authorization/authorization_engine.h",
"src/core/lib/security/authorization/authorization_policy_provider.h",
"src/core/lib/security/authorization/authorization_policy_provider_vtable.cc",
"src/core/lib/security/authorization/evaluate_args.cc",
"src/core/lib/security/authorization/evaluate_args.h",
"src/core/lib/security/context/security_context.cc",
"src/core/lib/security/context/security_context.h",
"src/core/lib/security/credentials/alts/alts_credentials.cc",
@ -1456,6 +1461,7 @@ config("grpc_config") {
"include/grpcpp/resource_quota.h",
"include/grpcpp/security/auth_context.h",
"include/grpcpp/security/auth_metadata_processor.h",
"include/grpcpp/security/authorization_policy_provider.h",
"include/grpcpp/security/credentials.h",
"include/grpcpp/security/server_credentials.h",
"include/grpcpp/security/tls_certificate_provider.h",

@ -738,6 +738,7 @@ if(gRPC_BUILD_TESTS)
add_dependencies(buildtests_cxx async_end2end_test)
add_dependencies(buildtests_cxx auth_property_iterator_test)
add_dependencies(buildtests_cxx authorization_matchers_test)
add_dependencies(buildtests_cxx authorization_policy_provider_test)
add_dependencies(buildtests_cxx aws_request_signer_test)
add_dependencies(buildtests_cxx backoff_test)
add_dependencies(buildtests_cxx bad_streaming_id_bad_client_test)
@ -859,6 +860,7 @@ if(gRPC_BUILD_TESTS)
add_dependencies(buildtests_cxx global_config_test)
add_dependencies(buildtests_cxx google_mesh_ca_certificate_provider_factory_test)
add_dependencies(buildtests_cxx grpc_authorization_engine_test)
add_dependencies(buildtests_cxx grpc_authorization_policy_provider_test)
add_dependencies(buildtests_cxx grpc_cli)
add_dependencies(buildtests_cxx grpc_tls_certificate_distributor_test)
add_dependencies(buildtests_cxx grpc_tls_certificate_provider_test)
@ -1915,6 +1917,8 @@ add_library(grpc
src/core/lib/json/json_util.cc
src/core/lib/json/json_writer.cc
src/core/lib/matchers/matchers.cc
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc
src/core/lib/security/authorization/evaluate_args.cc
src/core/lib/security/context/security_context.cc
src/core/lib/security/credentials/alts/alts_credentials.cc
src/core/lib/security/credentials/alts/check_gcp_environment.cc
@ -2535,6 +2539,7 @@ add_library(grpc_unsecure
src/core/lib/json/json_reader.cc
src/core/lib/json/json_util.cc
src/core/lib/json/json_writer.cc
src/core/lib/security/authorization/authorization_policy_provider_null_vtable.cc
src/core/lib/slice/b64.cc
src/core/lib/slice/percent_encoding.cc
src/core/lib/slice/slice.cc
@ -2973,6 +2978,7 @@ foreach(_hdr
include/grpcpp/resource_quota.h
include/grpcpp/security/auth_context.h
include/grpcpp/security/auth_metadata_processor.h
include/grpcpp/security/authorization_policy_provider.h
include/grpcpp/security/credentials.h
include/grpcpp/security/server_credentials.h
include/grpcpp/security/tls_certificate_provider.h
@ -3621,6 +3627,7 @@ foreach(_hdr
include/grpcpp/resource_quota.h
include/grpcpp/security/auth_context.h
include/grpcpp/security/auth_metadata_processor.h
include/grpcpp/security/authorization_policy_provider.h
include/grpcpp/security/credentials.h
include/grpcpp/security/server_credentials.h
include/grpcpp/security/tls_certificate_provider.h
@ -6490,6 +6497,11 @@ endif()
if(gRPC_BUILD_TESTS)
add_executable(public_headers_must_be_c89
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/rbac_translator.cc
test/core/surface/public_headers_must_be_c89.c
)
@ -8020,7 +8032,6 @@ endif()
if(gRPC_BUILD_TESTS)
add_executable(authorization_matchers_test
src/core/lib/security/authorization/evaluate_args.cc
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
@ -8055,6 +8066,48 @@ target_link_libraries(authorization_matchers_test
)
endif()
if(gRPC_BUILD_TESTS)
add_executable(authorization_policy_provider_test
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/rbac_translator.cc
src/cpp/server/authorization_policy_provider.cc
test/cpp/server/authorization_policy_provider_test.cc
third_party/googletest/googletest/src/gtest-all.cc
third_party/googletest/googlemock/src/gmock-all.cc
)
target_include_directories(authorization_policy_provider_test
PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}
${CMAKE_CURRENT_SOURCE_DIR}/include
${_gRPC_ADDRESS_SORTING_INCLUDE_DIR}
${_gRPC_RE2_INCLUDE_DIR}
${_gRPC_SSL_INCLUDE_DIR}
${_gRPC_UPB_GENERATED_DIR}
${_gRPC_UPB_GRPC_GENERATED_DIR}
${_gRPC_UPB_INCLUDE_DIR}
${_gRPC_XXHASH_INCLUDE_DIR}
${_gRPC_ZLIB_INCLUDE_DIR}
third_party/googletest/googletest/include
third_party/googletest/googletest
third_party/googletest/googlemock/include
third_party/googletest/googlemock
${_gRPC_PROTO_GENS_DIR}
)
target_link_libraries(authorization_policy_provider_test
${_gRPC_PROTOBUF_LIBRARIES}
${_gRPC_ALLTARGETS_LIBRARIES}
grpc++
grpc_test_util
)
endif()
if(gRPC_BUILD_TESTS)
@ -9135,7 +9188,6 @@ if(gRPC_BUILD_TESTS)
add_executable(cel_authorization_engine_test
src/core/lib/security/authorization/cel_authorization_engine.cc
src/core/lib/security/authorization/evaluate_args.cc
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
@ -10355,10 +10407,6 @@ endif()
if(gRPC_BUILD_TESTS)
add_executable(evaluate_args_test
src/core/lib/security/authorization/evaluate_args.cc
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
test/core/security/evaluate_args_test.cc
third_party/googletest/googletest/src/gtest-all.cc
third_party/googletest/googlemock/src/gmock-all.cc
@ -10771,7 +10819,6 @@ endif()
if(gRPC_BUILD_TESTS)
add_executable(grpc_authorization_engine_test
src/core/lib/security/authorization/evaluate_args.cc
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
@ -10806,6 +10853,46 @@ target_link_libraries(grpc_authorization_engine_test
)
endif()
if(gRPC_BUILD_TESTS)
add_executable(grpc_authorization_policy_provider_test
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/rbac_translator.cc
test/core/security/grpc_authorization_policy_provider_test.cc
third_party/googletest/googletest/src/gtest-all.cc
third_party/googletest/googlemock/src/gmock-all.cc
)
target_include_directories(grpc_authorization_policy_provider_test
PRIVATE
${CMAKE_CURRENT_SOURCE_DIR}
${CMAKE_CURRENT_SOURCE_DIR}/include
${_gRPC_ADDRESS_SORTING_INCLUDE_DIR}
${_gRPC_RE2_INCLUDE_DIR}
${_gRPC_SSL_INCLUDE_DIR}
${_gRPC_UPB_GENERATED_DIR}
${_gRPC_UPB_GRPC_GENERATED_DIR}
${_gRPC_UPB_INCLUDE_DIR}
${_gRPC_XXHASH_INCLUDE_DIR}
${_gRPC_ZLIB_INCLUDE_DIR}
third_party/googletest/googletest/include
third_party/googletest/googletest
third_party/googletest/googlemock/include
third_party/googletest/googlemock
${_gRPC_PROTO_GENS_DIR}
)
target_link_libraries(grpc_authorization_policy_provider_test
${_gRPC_PROTOBUF_LIBRARIES}
${_gRPC_ALLTARGETS_LIBRARIES}
grpc_test_util
)
endif()
if(gRPC_BUILD_TESTS)
@ -12838,8 +12925,8 @@ endif()
if(gRPC_BUILD_TESTS)
add_executable(rbac_translator_test
src/core/lib/security/authorization/evaluate_args.cc
src/core/lib/security/authorization/grpc_authorization_engine.cc
src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
src/core/lib/security/authorization/matchers.cc
src/core/lib/security/authorization/rbac_policy.cc
src/core/lib/security/authorization/rbac_translator.cc
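Review bot: The `public_headers_must_be_c89` executable now compiles grpc_authorization_policy_provider.cc, rbac_translator.cc, grpc_authorization_engine.cc, matchers.cc and rbac_policy.cc directly into the test binary, which suggests that the C functions declared in the new include/grpc/grpc_security.h and include/grpc/grpc.h hunks are not provided by libgrpc itself. That is consistent with the BUILD comment that the provider target pulls in RE2 and "should not be linked into grpc by default", but the grpc.def section exports `grpc_authorization_policy_provider_static_data_create` and `grpc_authorization_policy_provider_release` from the core DLL, and a consumer of the public header has no documented target to link against. I would confirm which library defines these symbols and either name it in the header comments or keep them out of grpc.def until they are part of grpc; if the symbols are absent from libgrpc the Windows export list will not resolve. This is inferred from the build lists only, as no definition is visible on this page.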

@ -1470,6 +1470,8 @@ LIBGRPC_SRC = \
src/core/lib/json/json_util.cc \
src/core/lib/json/json_writer.cc \
src/core/lib/matchers/matchers.cc \
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \
src/core/lib/security/authorization/evaluate_args.cc \
src/core/lib/security/context/security_context.cc \
src/core/lib/security/credentials/alts/alts_credentials.cc \
src/core/lib/security/credentials/alts/check_gcp_environment.cc \
@ -1941,6 +1943,7 @@ LIBGRPC_UNSECURE_SRC = \
src/core/lib/json/json_reader.cc \
src/core/lib/json/json_util.cc \
src/core/lib/json/json_writer.cc \
src/core/lib/security/authorization/authorization_policy_provider_null_vtable.cc \
src/core/lib/slice/b64.cc \
src/core/lib/slice/percent_encoding.cc \
src/core/lib/slice/slice.cc \
@ -2863,6 +2866,8 @@ src/core/ext/xds/xds_http_filters.cc: $(OPENSSL_DEP)
src/core/ext/xds/xds_server_config_fetcher.cc: $(OPENSSL_DEP)
src/core/lib/http/httpcli_security_connector.cc: $(OPENSSL_DEP)
src/core/lib/matchers/matchers.cc: $(OPENSSL_DEP)
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc: $(OPENSSL_DEP)
src/core/lib/security/authorization/evaluate_args.cc: $(OPENSSL_DEP)
src/core/lib/security/context/security_context.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/alts/alts_credentials.cc: $(OPENSSL_DEP)
src/core/lib/security/credentials/alts/check_gcp_environment.cc: $(OPENSSL_DEP)

@ -799,6 +799,9 @@ libs:
- src/core/lib/json/json.h
- src/core/lib/json/json_util.h
- src/core/lib/matchers/matchers.h
- src/core/lib/security/authorization/authorization_engine.h
- src/core/lib/security/authorization/authorization_policy_provider.h
- src/core/lib/security/authorization/evaluate_args.h
- src/core/lib/security/context/security_context.h
- src/core/lib/security/credentials/alts/alts_credentials.h
- src/core/lib/security/credentials/alts/check_gcp_environment.h
@ -1329,6 +1332,8 @@ libs:
- src/core/lib/json/json_util.cc
- src/core/lib/json/json_writer.cc
- src/core/lib/matchers/matchers.cc
- src/core/lib/security/authorization/authorization_policy_provider_vtable.cc
- src/core/lib/security/authorization/evaluate_args.cc
- src/core/lib/security/context/security_context.cc
- src/core/lib/security/credentials/alts/alts_credentials.cc
- src/core/lib/security/credentials/alts/check_gcp_environment.cc
@ -2064,6 +2069,7 @@ libs:
- src/core/lib/json/json_reader.cc
- src/core/lib/json/json_util.cc
- src/core/lib/json/json_writer.cc
- src/core/lib/security/authorization/authorization_policy_provider_null_vtable.cc
- src/core/lib/slice/b64.cc
- src/core/lib/slice/percent_encoding.cc
- src/core/lib/slice/slice.cc
@ -2291,6 +2297,7 @@ libs:
- include/grpcpp/resource_quota.h
- include/grpcpp/security/auth_context.h
- include/grpcpp/security/auth_metadata_processor.h
- include/grpcpp/security/authorization_policy_provider.h
- include/grpcpp/security/credentials.h
- include/grpcpp/security/server_credentials.h
- include/grpcpp/security/tls_certificate_provider.h
@ -2636,6 +2643,7 @@ libs:
- include/grpcpp/resource_quota.h
- include/grpcpp/security/auth_context.h
- include/grpcpp/security/auth_metadata_processor.h
- include/grpcpp/security/authorization_policy_provider.h
- include/grpcpp/security/credentials.h
- include/grpcpp/security/server_credentials.h
- include/grpcpp/security/tls_certificate_provider.h
@ -3684,8 +3692,18 @@ targets:
- name: public_headers_must_be_c89
build: test
language: c
headers: []
headers:
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_policy_provider.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/rbac_translator.h
src:
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/rbac_translator.cc
- test/core/surface/public_headers_must_be_c89.c
deps:
- grpc_test_util
@ -4235,19 +4253,37 @@ targets:
build: test
language: c++
headers:
- src/core/lib/security/authorization/authorization_engine.h
- src/core/lib/security/authorization/evaluate_args.h
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
src:
- src/core/lib/security/authorization/evaluate_args.cc
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- test/core/security/authorization_matchers_test.cc
deps:
- grpc_test_util
- name: authorization_policy_provider_test
gtest: true
build: test
language: c++
headers:
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_policy_provider.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/rbac_translator.h
src:
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/rbac_translator.cc
- src/cpp/server/authorization_policy_provider.cc
- test/cpp/server/authorization_policy_provider_test.cc
deps:
- grpc++
- grpc_test_util
- name: aws_request_signer_test
gtest: true
build: test
@ -4657,9 +4693,7 @@ targets:
build: test
language: c++
headers:
- src/core/lib/security/authorization/authorization_engine.h
- src/core/lib/security/authorization/cel_authorization_engine.h
- src/core/lib/security/authorization/evaluate_args.h
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/mock_cel/activation.h
@ -4671,7 +4705,6 @@ targets:
- src/core/lib/security/authorization/rbac_policy.h
src:
- src/core/lib/security/authorization/cel_authorization_engine.cc
- src/core/lib/security/authorization/evaluate_args.cc
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
@ -5070,17 +5103,8 @@ targets:
gtest: true
build: test
language: c++
headers:
- src/core/lib/security/authorization/authorization_engine.h
- src/core/lib/security/authorization/evaluate_args.h
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
headers: []
src:
- src/core/lib/security/authorization/evaluate_args.cc
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- test/core/security/evaluate_args_test.cc
deps:
- grpc_test_util
@ -5200,19 +5224,35 @@ targets:
build: test
language: c++
headers:
- src/core/lib/security/authorization/authorization_engine.h
- src/core/lib/security/authorization/evaluate_args.h
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
src:
- src/core/lib/security/authorization/evaluate_args.cc
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- test/core/security/grpc_authorization_engine_test.cc
deps:
- grpc_test_util
- name: grpc_authorization_policy_provider_test
gtest: true
build: test
language: c++
headers:
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_policy_provider.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/rbac_translator.h
src:
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/rbac_translator.cc
- test/core/security/grpc_authorization_policy_provider_test.cc
deps:
- grpc_test_util
- name: grpc_cli
build: test
run: false
@ -5974,15 +6014,14 @@ targets:
build: test
language: c++
headers:
- src/core/lib/security/authorization/authorization_engine.h
- src/core/lib/security/authorization/evaluate_args.h
- src/core/lib/security/authorization/grpc_authorization_engine.h
- src/core/lib/security/authorization/grpc_authorization_policy_provider.h
- src/core/lib/security/authorization/matchers.h
- src/core/lib/security/authorization/rbac_policy.h
- src/core/lib/security/authorization/rbac_translator.h
src:
- src/core/lib/security/authorization/evaluate_args.cc
- src/core/lib/security/authorization/grpc_authorization_engine.cc
- src/core/lib/security/authorization/grpc_authorization_policy_provider.cc
- src/core/lib/security/authorization/matchers.cc
- src/core/lib/security/authorization/rbac_policy.cc
- src/core/lib/security/authorization/rbac_translator.cc

@ -523,6 +523,8 @@ if test "$PHP_GRPC" != "no"; then
src/core/lib/matchers/matchers.cc \
src/core/lib/profiling/basic_timers.cc \
src/core/lib/profiling/stap_timers.cc \
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \
src/core/lib/security/authorization/evaluate_args.cc \
src/core/lib/security/context/security_context.cc \
src/core/lib/security/credentials/alts/alts_credentials.cc \
src/core/lib/security/credentials/alts/check_gcp_environment.cc \
@ -1169,6 +1171,7 @@ if test "$PHP_GRPC" != "no"; then
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/json)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/matchers)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/profiling)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/authorization)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/context)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials)
PHP_ADD_BUILD_DIR($ext_builddir/src/core/lib/security/credentials/alts)

@ -489,6 +489,8 @@ if (PHP_GRPC != "no") {
"src\\core\\lib\\matchers\\matchers.cc " +
"src\\core\\lib\\profiling\\basic_timers.cc " +
"src\\core\\lib\\profiling\\stap_timers.cc " +
"src\\core\\lib\\security\\authorization\\authorization_policy_provider_vtable.cc " +
"src\\core\\lib\\security\\authorization\\evaluate_args.cc " +
"src\\core\\lib\\security\\context\\security_context.cc " +
"src\\core\\lib\\security\\credentials\\alts\\alts_credentials.cc " +
"src\\core\\lib\\security\\credentials\\alts\\check_gcp_environment.cc " +
@ -1271,6 +1273,7 @@ if (PHP_GRPC != "no") {
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\matchers");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\profiling");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\authorization");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\context");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials");
FSO.CreateFolder(base_dir+"\\ext\\grpc\\src\\core\\lib\\security\\credentials\\alts");

@ -149,6 +149,7 @@ Pod::Spec.new do |s|
'include/grpcpp/resource_quota.h',
'include/grpcpp/security/auth_context.h',
'include/grpcpp/security/auth_metadata_processor.h',
'include/grpcpp/security/authorization_policy_provider.h',
'include/grpcpp/security/credentials.h',
'include/grpcpp/security/server_credentials.h',
'include/grpcpp/security/tls_certificate_provider.h',
@ -632,6 +633,9 @@ Pod::Spec.new do |s|
'src/core/lib/json/json_util.h',
'src/core/lib/matchers/matchers.h',
'src/core/lib/profiling/timers.h',
'src/core/lib/security/authorization/authorization_engine.h',
'src/core/lib/security/authorization/authorization_policy_provider.h',
'src/core/lib/security/authorization/evaluate_args.h',
'src/core/lib/security/context/security_context.h',
'src/core/lib/security/credentials/alts/alts_credentials.h',
'src/core/lib/security/credentials/alts/check_gcp_environment.h',
@ -1273,6 +1277,9 @@ Pod::Spec.new do |s|
'src/core/lib/json/json_util.h',
'src/core/lib/matchers/matchers.h',
'src/core/lib/profiling/timers.h',
'src/core/lib/security/authorization/authorization_engine.h',
'src/core/lib/security/authorization/authorization_policy_provider.h',
'src/core/lib/security/authorization/evaluate_args.h',
'src/core/lib/security/context/security_context.h',
'src/core/lib/security/credentials/alts/alts_credentials.h',
'src/core/lib/security/credentials/alts/check_gcp_environment.h',

@ -1102,6 +1102,11 @@ Pod::Spec.new do |s|
'src/core/lib/profiling/basic_timers.cc',
'src/core/lib/profiling/stap_timers.cc',
'src/core/lib/profiling/timers.h',
'src/core/lib/security/authorization/authorization_engine.h',
'src/core/lib/security/authorization/authorization_policy_provider.h',
'src/core/lib/security/authorization/authorization_policy_provider_vtable.cc',
'src/core/lib/security/authorization/evaluate_args.cc',
'src/core/lib/security/authorization/evaluate_args.h',
'src/core/lib/security/context/security_context.cc',
'src/core/lib/security/context/security_context.h',
'src/core/lib/security/credentials/alts/alts_credentials.cc',
@ -1834,6 +1839,9 @@ Pod::Spec.new do |s|
'src/core/lib/json/json_util.h',
'src/core/lib/matchers/matchers.h',
'src/core/lib/profiling/timers.h',
'src/core/lib/security/authorization/authorization_engine.h',
'src/core/lib/security/authorization/authorization_policy_provider.h',
'src/core/lib/security/authorization/evaluate_args.h',
'src/core/lib/security/context/security_context.h',
'src/core/lib/security/credentials/alts/alts_credentials.h',
'src/core/lib/security/credentials/alts/check_gcp_environment.h',

@ -84,6 +84,7 @@ EXPORTS
grpc_channelz_get_channel
grpc_channelz_get_subchannel
grpc_channelz_get_socket
grpc_authorization_policy_provider_arg_vtable
grpc_insecure_channel_create_from_fd
grpc_server_add_insecure_channel_from_fd
grpc_auth_property_iterator_next
@ -159,6 +160,8 @@ EXPORTS
grpc_tls_server_authorization_check_config_release
grpc_xds_credentials_create
grpc_xds_server_credentials_create
grpc_authorization_policy_provider_static_data_create
grpc_authorization_policy_provider_release
grpc_raw_byte_buffer_create
grpc_raw_compressed_byte_buffer_create
grpc_byte_buffer_copy

@ -1023,6 +1023,11 @@ Gem::Specification.new do |s|
s.files += %w( src/core/lib/profiling/basic_timers.cc )
s.files += %w( src/core/lib/profiling/stap_timers.cc )
s.files += %w( src/core/lib/profiling/timers.h )
s.files += %w( src/core/lib/security/authorization/authorization_engine.h )
s.files += %w( src/core/lib/security/authorization/authorization_policy_provider.h )
s.files += %w( src/core/lib/security/authorization/authorization_policy_provider_vtable.cc )
s.files += %w( src/core/lib/security/authorization/evaluate_args.cc )
s.files += %w( src/core/lib/security/authorization/evaluate_args.h )
s.files += %w( src/core/lib/security/context/security_context.cc )
s.files += %w( src/core/lib/security/context/security_context.h )
s.files += %w( src/core/lib/security/credentials/alts/alts_credentials.cc )

@ -888,6 +888,8 @@
'src/core/lib/json/json_util.cc',
'src/core/lib/json/json_writer.cc',
'src/core/lib/matchers/matchers.cc',
'src/core/lib/security/authorization/authorization_policy_provider_vtable.cc',
'src/core/lib/security/authorization/evaluate_args.cc',
'src/core/lib/security/context/security_context.cc',
'src/core/lib/security/credentials/alts/alts_credentials.cc',
'src/core/lib/security/credentials/alts/check_gcp_environment.cc',
@ -1330,6 +1332,7 @@
'src/core/lib/json/json_reader.cc',
'src/core/lib/json/json_util.cc',
'src/core/lib/json/json_writer.cc',
'src/core/lib/security/authorization/authorization_policy_provider_null_vtable.cc',
'src/core/lib/slice/b64.cc',
'src/core/lib/slice/percent_encoding.cc',
'src/core/lib/slice/slice.cc',

@ -555,6 +555,14 @@ GRPCAPI char* grpc_channelz_get_subchannel(intptr_t subchannel_id);
is allocated and must be freed by the application. */
GRPCAPI char* grpc_channelz_get_socket(intptr_t socket_id);
/**
* EXPERIMENTAL - Subject to change.
* Fetch a vtable for grpc_channel_arg that points to
* grpc_authorization_policy_provider.
*/
GRPCAPI const grpc_arg_pointer_vtable*
grpc_authorization_policy_provider_arg_vtable(void);
#ifdef __cplusplus
}
#endif
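Review bot: The comment on `grpc_authorization_policy_provider_arg_vtable` does not say what the vtable's copy and destroy callbacks do with the provider's lifetime, which is what a caller needs to know before calling `grpc_authorization_policy_provider_release` after building the channel arg. I would extend it with something like ` * The vtable's copy/destroy callbacks take and drop their own reference on the provider; the caller keeps its reference and releases it with grpc_authorization_policy_provider_release.`, provided that is what the implementation does. Only the declaration is in this hunk, so confirm the reference semantics against the vtable source before documenting them.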

@ -1097,6 +1097,38 @@ GRPCAPI grpc_channel_credentials* grpc_xds_credentials_create(
GRPCAPI grpc_server_credentials* grpc_xds_server_credentials_create(
grpc_server_credentials* fallback_credentials);
/**
* EXPERIMENTAL - Subject to change.
* An opaque type that is responsible for providing authorization policies to
* gRPC.
*/
typedef struct grpc_authorization_policy_provider
grpc_authorization_policy_provider;
/**
* EXPERIMENTAL - Subject to change.
* Creates a grpc_authorization_policy_provider using SDK authorization policy
* from static string.
* - authz_policy is the input SDK authorization policy.
* - code is the error status code on failure. On success, it equals
* GRPC_STATUS_OK.
* - error_details contains details about the error if any. If the
* initialization is successful, it will be null. Caller must use gpr_free to
* destroy this string.
*/
GRPCAPI grpc_authorization_policy_provider*
grpc_authorization_policy_provider_static_data_create(
const char* authz_policy, grpc_status_code* code,
const char** error_details);
/**
* EXPERIMENTAL - Subject to change.
* Releases grpc_authorization_policy_provider object. The creator of
* grpc_authorization_policy_provider is responsible for its release.
*/
GRPCAPI void grpc_authorization_policy_provider_release(
grpc_authorization_policy_provider* provider);
#ifdef __cplusplus
}
#endif
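Review bot: The contract for `code` and `error_details` on `grpc_authorization_policy_provider_static_data_create` is incomplete: the implementation in this commit writes through both pointers unconditionally and aborts on a NULL `authz_policy`, but the comment states neither that the out-parameters must be non-NULL nor that the policy string must be. I would add `* - authz_policy must be non-NULL. code and error_details must be non-NULL; both are always written.` to the parameter list. Ownership of the return value is also left implicit; a line such as `* The caller owns one reference to the returned provider and must release it with grpc_authorization_policy_provider_release.` would make the pairing with the release function explicit. The enclosing `extern "C"` block begins outside the hunk.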

@ -428,6 +428,10 @@ typedef struct {
#define GRPC_ARG_CHANNEL_POOL_DOMAIN "grpc.channel_pooling_domain"
/** gRPC Objective-C channel pooling id. */
#define GRPC_ARG_CHANNEL_ID "grpc.channel_id"
/** Channel argument for grpc_authorization_policy_provider. If present, enables
gRPC authorization check. */
#define GRPC_ARG_AUTHORIZATION_POLICY_PROVIDER \
"grpc.authorization_policy_provider"
/** \} */
/** Result of a grpc call. If the caller satisfies the prerequisites of a
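Review bot: The comment on `GRPC_ARG_AUTHORIZATION_POLICY_PROVIDER` says the argument "enables gRPC authorization check" but does not say how the pointer has to be registered; the ServerBuilder path in this commit sets it via `grpc_authorization_policy_provider_arg_vtable()` so the channel args take their own reference on the provider, and a raw-pointer set without that vtable would not. I would extend the comment to `/** Channel argument for grpc_authorization_policy_provider. Must be set with grpc_authorization_policy_provider_arg_vtable() so the channel args hold a reference. If present, enables gRPC authorization check. */`. Whether anything consumes the argument yet is not visible from this commit, so it may also be worth noting that the check is experimental.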

@ -0,0 +1,67 @@
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef GRPCPP_SECURITY_AUTHORIZATION_POLICY_PROVIDER_H
#define GRPCPP_SECURITY_AUTHORIZATION_POLICY_PROVIDER_H
#include <grpc/status.h>
#include <grpcpp/impl/codegen/grpc_library.h>
#include <memory>
// TODO(yihuazhang): remove the forward declaration here and include
// <grpc/grpc_security.h> directly once the insecure builds are cleaned up.
typedef struct grpc_authorization_policy_provider
grpc_authorization_policy_provider;
namespace grpc {
namespace experimental {
// Wrapper around C-core grpc_authorization_policy_provider. Internally, it
// handles creating and updating authorization engine objects, using SDK
// authorization policy.
class AuthorizationPolicyProviderInterface {
public:
virtual ~AuthorizationPolicyProviderInterface() = default;
virtual grpc_authorization_policy_provider* c_provider() = 0;
};
// Implementation obtains authorization policy from static string. This provider
// will always return the same authorization engines.
class StaticDataAuthorizationPolicyProvider
: public AuthorizationPolicyProviderInterface {
public:
static std::shared_ptr<StaticDataAuthorizationPolicyProvider> Create(
const std::string& authz_policy, grpc::Status* status);
// Use factory method "Create" to create an instance of
// StaticDataAuthorizationPolicyProvider.
explicit StaticDataAuthorizationPolicyProvider(
grpc_authorization_policy_provider* provider)
: c_provider_(provider) {}
~StaticDataAuthorizationPolicyProvider() override;
grpc_authorization_policy_provider* c_provider() override {
return c_provider_;
}
private:
grpc_authorization_policy_provider* c_provider_ = nullptr;
};
} // namespace experimental
} // namespace grpc
#endif // GRPCPP_SECURITY_AUTHORIZATION_POLICY_PROVIDER_H
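Review bot: `StaticDataAuthorizationPolicyProvider` owns the raw `c_provider_` pointer and releases it in its destructor, but the class is still implicitly copyable, so a copy (or copy-assignment) would release the same provider twice. I would delete the copy operations next to the constructor: `StaticDataAuthorizationPolicyProvider(const StaticDataAuthorizationPolicyProvider&) = delete;` and `StaticDataAuthorizationPolicyProvider& operator=(const StaticDataAuthorizationPolicyProvider&) = delete;`. The public constructor should also state the ownership transfer it performs, e.g. `// Takes ownership of one reference to |provider|, released in the destructor.`. Separately, `<grpcpp/impl/codegen/grpc_library.h>` is included but nothing in the header appears to use it — presumably the class was meant to derive from `GrpcLibraryCodegen` like other wrapper types; worth confirming or dropping the include.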

@ -33,6 +33,7 @@
#include <grpcpp/impl/codegen/server_interceptor.h>
#include <grpcpp/impl/server_builder_option.h>
#include <grpcpp/impl/server_builder_plugin.h>
#include <grpcpp/security/authorization_policy_provider.h>
#include <grpcpp/server.h>
#include <grpcpp/support/config.h>
@ -295,6 +296,12 @@ class ServerBuilder {
AddExternalConnectionAcceptor(ExternalConnectionType type,
std::shared_ptr<ServerCredentials> creds);
/// Sets server authorization policy provider in
/// GRPC_ARG_AUTHORIZATION_POLICY_PROVIDER channel argument.
void SetAuthorizationPolicyProvider(
std::shared_ptr<experimental::AuthorizationPolicyProviderInterface>
provider);
private:
ServerBuilder* builder_;
};
@ -425,6 +432,8 @@ class ServerBuilder {
std::vector<std::shared_ptr<grpc::internal::ExternalConnectionAcceptorImpl>>
acceptors_;
grpc_server_config_fetcher* server_config_fetcher_ = nullptr;
std::shared_ptr<experimental::AuthorizationPolicyProviderInterface>
authorization_provider_;
};
} // namespace grpc
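Review bot: The doc comment on `SetAuthorizationPolicyProvider` says only which channel argument it populates; a caller cannot tell from it that this is a server-side, experimental setting, that a second call replaces the previously set provider, or that the builder keeps a shared_ptr to the provider until the channel arguments are built. I would extend it to `/// EXPERIMENTAL. Sets the server authorization policy provider, exposed to core through the GRPC_ARG_AUTHORIZATION_POLICY_PROVIDER channel argument. A subsequent call replaces the previous provider.`. The `experimental_type` class and the private section both start outside the hunks.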

@ -1003,6 +1003,11 @@
<file baseinstalldir="/" name="src/core/lib/profiling/basic_timers.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/profiling/stap_timers.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/profiling/timers.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/authorization_engine.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/authorization_policy_provider.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/authorization_policy_provider_vtable.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/evaluate_args.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/authorization/evaluate_args.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/context/security_context.cc" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/context/security_context.h" role="src" />
<file baseinstalldir="/" name="src/core/lib/security/credentials/alts/alts_credentials.cc" role="src" />

@ -19,12 +19,13 @@
#include <string>
#include "src/core/lib/gprpp/ref_counted.h"
#include "src/core/lib/security/authorization/evaluate_args.h"
namespace grpc_core {
// Interface for gRPC Authorization Engine.
class AuthorizationEngine {
class AuthorizationEngine : public RefCounted<AuthorizationEngine> {
public:
struct Decision {
enum class Type {
@ -35,7 +36,6 @@ class AuthorizationEngine {
std::string matching_policy_name;
};
virtual ~AuthorizationEngine() = default;
virtual Decision Evaluate(const EvaluateArgs& args) const = 0;
};
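Review bot: Removing `virtual ~AuthorizationEngine()` makes correct destruction of derived engines through `RefCountedPtr<AuthorizationEngine>` depend on the `RefCounted` base providing a virtual destructor in its default implementation; that is presumably the case, but the header gives no hint, and a later change to a non-polymorphic ref-count impl would silently break it. I would keep a one-line comment where the destructor used to be: `// Destruction is virtual via RefCounted's polymorphic default impl.`. The class body continues outside the hunk.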

@ -0,0 +1,32 @@
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_AUTHORIZATION_POLICY_PROVIDER_H
#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_AUTHORIZATION_POLICY_PROVIDER_H
#include <grpc/support/port_platform.h>
#include "src/core/lib/gprpp/dual_ref_counted.h"
#include "src/core/lib/security/authorization/authorization_engine.h"
struct grpc_authorization_policy_provider
: public grpc_core::DualRefCounted<grpc_authorization_policy_provider> {
public:
virtual grpc_core::RefCountedPtr<grpc_core::AuthorizationEngine>
allow_engine() const = 0;
virtual grpc_core::RefCountedPtr<grpc_core::AuthorizationEngine> deny_engine()
const = 0;
};
#endif // GRPC_CORE_LIB_SECURITY_AUTHORIZATION_AUTHORIZATION_POLICY_PROVIDER_H
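Review bot: The two pure virtual accessors on `grpc_authorization_policy_provider` carry no documentation, so an implementer cannot tell what a returned engine's lifetime is or why the base is `DualRefCounted` (which obliges subclasses to implement `Orphan()`). I would document them, e.g. `// Returns a ref to the engine evaluating the allow (resp. deny) policy; the caller holds that ref independently of the provider.` on each accessor, and a class-level comment noting `// Subclasses must implement Orphan(), invoked when the last strong ref is dropped.`. The `public:` label is redundant in a `struct` and reads as a leftover from a class.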

@ -0,0 +1,24 @@
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <grpc/support/port_platform.h>
#include <grpc/grpc.h>
// Wrapper API declared in grpc.h
// Required only for insecure build targets.
const grpc_arg_pointer_vtable* grpc_authorization_policy_provider_arg_vtable() {
return nullptr;
}
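Review bot: Returning nullptr here silently violates the "Fetch a vtable" wording of the public declaration in grpc.h, and the only comment says the file is "Required only for insecure build targets" without saying what callers should expect. I would make the consequence explicit: `// Insecure builds have no authorization provider, so no vtable exists; callers must treat nullptr as "authorization unsupported".`. If a usable-but-inert vtable is preferable so that callers need no null check, that is a separate decision worth recording here too.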

@ -0,0 +1,46 @@
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <grpc/support/port_platform.h>
#include <grpc/grpc.h>
#include "src/core/lib/security/authorization/authorization_policy_provider.h"
namespace {
void* ProviderArgCopy(void* p) {
grpc_authorization_policy_provider* provider =
static_cast<grpc_authorization_policy_provider*>(p);
provider->Ref().release();
return provider;
}
void ProviderArgDestroy(void* p) {
grpc_authorization_policy_provider* provider =
static_cast<grpc_authorization_policy_provider*>(p);
provider->Unref();
}
int ProviderArgCmp(void* p, void* q) { return GPR_ICMP(p, q); }
} // namespace
// Wrapper API declared in grpc.h
const grpc_arg_pointer_vtable* grpc_authorization_policy_provider_arg_vtable() {
static const grpc_arg_pointer_vtable vtable = {
ProviderArgCopy, ProviderArgDestroy, ProviderArgCmp};
return &vtable;
}
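Review bot: `ProviderArgCmp` compares the two providers by pointer identity, so two providers created from identical policy text compare unequal and their channel args will never be considered equal; that is a reasonable choice but should be stated, e.g. `// Providers are compared by identity: two providers built from the same policy text are distinct.` above `ProviderArgCmp`. `ProviderArgCopy` and `ProviderArgDestroy` would similarly benefit from a line each noting that they take and drop one strong reference on behalf of the channel args.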

@ -36,6 +36,8 @@ class GrpcAuthorizationEngine : public AuthorizationEngine {
// Builds GrpcAuthorizationEngine with allow/deny RBAC policy.
explicit GrpcAuthorizationEngine(Rbac policy);
Rbac::Action action() { return action_; }
// Evaluates incoming request against RBAC policy and makes a decision to
// whether allow/deny this request.
Decision Evaluate(const EvaluateArgs& args) const override;
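Review bot: The new `action()` accessor only reads `action_` but is not `const`, so it cannot be called on the `const` engines the provider hands out without a cast (the test in this commit gets around it only because it `dynamic_cast`s to a non-const pointer). I would change it to `Rbac::Action action() const { return action_; }` and give it a one-line comment, `// Whether this engine evaluates the allow or the deny policy.`. The class definition continues outside the hunk.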

@ -0,0 +1,67 @@
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <grpc/support/port_platform.h>
#include <grpc/grpc_security.h>
#include <grpc/support/string_util.h>
#include "src/core/lib/security/authorization/grpc_authorization_engine.h"
#include "src/core/lib/security/authorization/grpc_authorization_policy_provider.h"
namespace grpc_core {
absl::StatusOr<RefCountedPtr<grpc_authorization_policy_provider>>
StaticDataAuthorizationPolicyProvider::Create(absl::string_view authz_policy) {
auto policies_or = GenerateRbacPolicies(authz_policy);
if (!policies_or.ok()) {
return policies_or.status();
}
return MakeRefCounted<StaticDataAuthorizationPolicyProvider>(
std::move(*policies_or));
}
StaticDataAuthorizationPolicyProvider::StaticDataAuthorizationPolicyProvider(
RbacPolicies policies)
: allow_engine_(MakeRefCounted<GrpcAuthorizationEngine>(
std::move(policies.allow_policy))),
deny_engine_(MakeRefCounted<GrpcAuthorizationEngine>(
std::move(policies.deny_policy))) {}
} // namespace grpc_core
// Wrapper APIs declared in grpc_security.h
grpc_authorization_policy_provider*
grpc_authorization_policy_provider_static_data_create(
const char* authz_policy, grpc_status_code* code,
const char** error_details) {
GPR_ASSERT(authz_policy != nullptr);
auto provider_or =
grpc_core::StaticDataAuthorizationPolicyProvider::Create(authz_policy);
if (!provider_or.ok()) {
*code = static_cast<grpc_status_code>(provider_or.status().code());
*error_details =
gpr_strdup(std::string(provider_or.status().message()).c_str());
return nullptr;
}
*code = GRPC_STATUS_OK;
*error_details = nullptr;
return provider_or->release();
}
void grpc_authorization_policy_provider_release(
grpc_authorization_policy_provider* provider) {
if (provider != nullptr) provider->Unref();
}
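Review bot: `grpc_authorization_policy_provider_static_data_create` asserts `authz_policy` but then writes through `code` and `error_details` without any check, so a NULL out-parameter crashes with a less helpful fault than the policy check gives; for consistency I would add `GPR_ASSERT(code != nullptr);` and `GPR_ASSERT(error_details != nullptr);` next to the existing assert. The `static_cast<grpc_status_code>(provider_or.status().code())` relies on absl status codes and `grpc_status_code` sharing numbering, which is presumably true but deserves a comment, e.g. `// absl::StatusCode and grpc_status_code use the same canonical code values.`. The release path is fine, but `provider_or->release()` would read better with a comment that it hands the caller the single strong reference.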

@ -0,0 +1,60 @@
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_GRPC_AUTHORIZATION_POLICY_PROVIDER_H
#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_GRPC_AUTHORIZATION_POLICY_PROVIDER_H
#include <grpc/support/port_platform.h>
#include <memory>
#include "absl/status/statusor.h"
#include "src/core/lib/security/authorization/authorization_policy_provider.h"
#include "src/core/lib/security/authorization/rbac_translator.h"
namespace grpc_core {
// Provider class will get SDK Authorization policy from string during
// initialization. This policy will be translated to Envoy RBAC policies and
// used to initialize allow and deny AuthorizationEngine objects. This provider
// will return the same authorization engines everytime.
class StaticDataAuthorizationPolicyProvider
: public grpc_authorization_policy_provider {
public:
static absl::StatusOr<RefCountedPtr<grpc_authorization_policy_provider>>
Create(absl::string_view authz_policy);
explicit StaticDataAuthorizationPolicyProvider(RbacPolicies policies);
RefCountedPtr<AuthorizationEngine> allow_engine() const override {
return allow_engine_;
}
RefCountedPtr<AuthorizationEngine> deny_engine() const override {
return deny_engine_;
}
void Orphan() override {}
private:
RefCountedPtr<AuthorizationEngine> allow_engine_;
RefCountedPtr<AuthorizationEngine> deny_engine_;
};
// TODO(ashithasantosh): Add implementation for file watcher authorization
// policy provider.
} // namespace grpc_core
#endif // GRPC_CORE_LIB_SECURITY_AUTHORIZATION_GRPC_AUTHORIZATION_POLICY_PROVIDER_H
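Review bot: `void Orphan() override {}` is the one DualRefCounted hook that needs explaining and has no comment; a reader cannot tell whether the no-op is deliberate. I would write `// Nothing to cancel: the engines are immutable and are released with the last weak ref.` above it, and note on the constructor that it is public only so `MakeRefCounted` can call it and that callers should use `Create`. `#include <memory>` appears unused in this header (the file uses `RefCountedPtr` and `absl::StatusOr` only) — worth confirming before dropping it.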

@ -14,6 +14,8 @@
#include <grpc/support/port_platform.h>
#include <grpc/grpc_security_constants.h>
#include "src/core/lib/address_utils/sockaddr_utils.h"
#include "src/core/lib/security/authorization/matchers.h"

@ -0,0 +1,45 @@
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <grpc/grpc_security.h>
#include <grpc/support/alloc.h>
#include <grpcpp/security/authorization_policy_provider.h>
namespace grpc {
namespace experimental {
std::shared_ptr<StaticDataAuthorizationPolicyProvider>
StaticDataAuthorizationPolicyProvider::Create(const std::string& authz_policy,
grpc::Status* status) {
grpc_status_code code;
const char* error_details;
grpc_authorization_policy_provider* provider =
grpc_authorization_policy_provider_static_data_create(
authz_policy.c_str(), &code, &error_details);
if (code != GRPC_STATUS_OK) {
*status = grpc::Status(static_cast<grpc::StatusCode>(code), error_details);
gpr_free(const_cast<char*>(error_details));
return nullptr;
}
*status = grpc::Status();
return std::make_shared<StaticDataAuthorizationPolicyProvider>(provider);
}
StaticDataAuthorizationPolicyProvider::
~StaticDataAuthorizationPolicyProvider() {
grpc_authorization_policy_provider_release(c_provider_);
}
} // namespace experimental
} // namespace grpc
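Review bot: `error_details` is declared uninitialized and `status` is dereferenced without a check, so if the C layer were ever to report a failure without setting `error_details`, or a caller passed a null `status`, the constructor of `grpc::Status` would read garbage or a null pointer (constructing `std::string` from a null `const char*` is undefined behavior). I would initialize `const char* error_details = nullptr;`, assert `status != nullptr` at entry, and build the message defensively: `*status = grpc::Status(static_cast<grpc::StatusCode>(code), error_details != nullptr ? error_details : "");`. A one-line comment on `Create` stating that `status` must be non-null and is always written would match the C header's out-parameter contract.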

@ -155,6 +155,12 @@ ServerBuilder::experimental_type::AddExternalConnectionAcceptor(
return builder_->acceptors_.back()->GetAcceptor();
}
void ServerBuilder::experimental_type::SetAuthorizationPolicyProvider(
std::shared_ptr<experimental::AuthorizationPolicyProviderInterface>
provider) {
builder_->authorization_provider_ = std::move(provider);
}
ServerBuilder& ServerBuilder::SetOption(
std::unique_ptr<ServerBuilderOption> option) {
options_.push_back(std::move(option));
@ -259,6 +265,11 @@ ChannelArguments ServerBuilder::BuildChannelArgs() {
plugin->UpdateServerBuilder(this);
plugin->UpdateChannelArguments(&args);
}
if (authorization_provider_ != nullptr) {
args.SetPointerWithVtable(GRPC_ARG_AUTHORIZATION_POLICY_PROVIDER,
authorization_provider_->c_provider(),
grpc_authorization_policy_provider_arg_vtable());
}
return args;
}
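Review bot: In `BuildChannelArgs` the provider is registered through `grpc_authorization_policy_provider_arg_vtable()` with no check on the result, but the insecure-build implementation added in this commit returns nullptr, so a user who installs their own `AuthorizationPolicyProviderInterface` in such a build would hand a null vtable to `SetPointerWithVtable`. I would fetch the vtable into a local and fail loudly: `const grpc_arg_pointer_vtable* vtable = grpc_authorization_policy_provider_arg_vtable();` followed by `GPR_ASSERT(vtable != nullptr);  // null in builds without security support` (GPR_ASSERT needs `<grpc/support/log.h>` if it is not already included). `SetAuthorizationPolicyProvider` should also get a short comment saying a later call replaces the earlier provider. The enclosing `BuildChannelArgs` starts outside the hunk.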

@ -498,6 +498,8 @@ CORE_SOURCE_FILES = [
'src/core/lib/matchers/matchers.cc',
'src/core/lib/profiling/basic_timers.cc',
'src/core/lib/profiling/stap_timers.cc',
'src/core/lib/security/authorization/authorization_policy_provider_vtable.cc',
'src/core/lib/security/authorization/evaluate_args.cc',
'src/core/lib/security/context/security_context.cc',
'src/core/lib/security/credentials/alts/alts_credentials.cc',
'src/core/lib/security/credentials/alts/check_gcp_environment.cc',

@ -107,6 +107,7 @@ grpc_channelz_get_server_sockets_type grpc_channelz_get_server_sockets_import;
grpc_channelz_get_channel_type grpc_channelz_get_channel_import;
grpc_channelz_get_subchannel_type grpc_channelz_get_subchannel_import;
grpc_channelz_get_socket_type grpc_channelz_get_socket_import;
grpc_authorization_policy_provider_arg_vtable_type grpc_authorization_policy_provider_arg_vtable_import;
grpc_insecure_channel_create_from_fd_type grpc_insecure_channel_create_from_fd_import;
grpc_server_add_insecure_channel_from_fd_type grpc_server_add_insecure_channel_from_fd_import;
grpc_auth_property_iterator_next_type grpc_auth_property_iterator_next_import;
@ -182,6 +183,8 @@ grpc_tls_server_authorization_check_config_create_type grpc_tls_server_authoriza
grpc_tls_server_authorization_check_config_release_type grpc_tls_server_authorization_check_config_release_import;
grpc_xds_credentials_create_type grpc_xds_credentials_create_import;
grpc_xds_server_credentials_create_type grpc_xds_server_credentials_create_import;
grpc_authorization_policy_provider_static_data_create_type grpc_authorization_policy_provider_static_data_create_import;
grpc_authorization_policy_provider_release_type grpc_authorization_policy_provider_release_import;
grpc_raw_byte_buffer_create_type grpc_raw_byte_buffer_create_import;
grpc_raw_compressed_byte_buffer_create_type grpc_raw_compressed_byte_buffer_create_import;
grpc_byte_buffer_copy_type grpc_byte_buffer_copy_import;
@ -392,6 +395,7 @@ void grpc_rb_load_imports(HMODULE library) {
grpc_channelz_get_channel_import = (grpc_channelz_get_channel_type) GetProcAddress(library, "grpc_channelz_get_channel");
grpc_channelz_get_subchannel_import = (grpc_channelz_get_subchannel_type) GetProcAddress(library, "grpc_channelz_get_subchannel");
grpc_channelz_get_socket_import = (grpc_channelz_get_socket_type) GetProcAddress(library, "grpc_channelz_get_socket");
grpc_authorization_policy_provider_arg_vtable_import = (grpc_authorization_policy_provider_arg_vtable_type) GetProcAddress(library, "grpc_authorization_policy_provider_arg_vtable");
grpc_insecure_channel_create_from_fd_import = (grpc_insecure_channel_create_from_fd_type) GetProcAddress(library, "grpc_insecure_channel_create_from_fd");
grpc_server_add_insecure_channel_from_fd_import = (grpc_server_add_insecure_channel_from_fd_type) GetProcAddress(library, "grpc_server_add_insecure_channel_from_fd");
grpc_auth_property_iterator_next_import = (grpc_auth_property_iterator_next_type) GetProcAddress(library, "grpc_auth_property_iterator_next");
@ -467,6 +471,8 @@ void grpc_rb_load_imports(HMODULE library) {
grpc_tls_server_authorization_check_config_release_import = (grpc_tls_server_authorization_check_config_release_type) GetProcAddress(library, "grpc_tls_server_authorization_check_config_release");
grpc_xds_credentials_create_import = (grpc_xds_credentials_create_type) GetProcAddress(library, "grpc_xds_credentials_create");
grpc_xds_server_credentials_create_import = (grpc_xds_server_credentials_create_type) GetProcAddress(library, "grpc_xds_server_credentials_create");
grpc_authorization_policy_provider_static_data_create_import = (grpc_authorization_policy_provider_static_data_create_type) GetProcAddress(library, "grpc_authorization_policy_provider_static_data_create");
grpc_authorization_policy_provider_release_import = (grpc_authorization_policy_provider_release_type) GetProcAddress(library, "grpc_authorization_policy_provider_release");
grpc_raw_byte_buffer_create_import = (grpc_raw_byte_buffer_create_type) GetProcAddress(library, "grpc_raw_byte_buffer_create");
grpc_raw_compressed_byte_buffer_create_import = (grpc_raw_compressed_byte_buffer_create_type) GetProcAddress(library, "grpc_raw_compressed_byte_buffer_create");
grpc_byte_buffer_copy_import = (grpc_byte_buffer_copy_type) GetProcAddress(library, "grpc_byte_buffer_copy");

@ -296,6 +296,9 @@ extern grpc_channelz_get_subchannel_type grpc_channelz_get_subchannel_import;
typedef char*(*grpc_channelz_get_socket_type)(intptr_t socket_id);
extern grpc_channelz_get_socket_type grpc_channelz_get_socket_import;
#define grpc_channelz_get_socket grpc_channelz_get_socket_import
typedef const grpc_arg_pointer_vtable*(*grpc_authorization_policy_provider_arg_vtable_type)(void);
extern grpc_authorization_policy_provider_arg_vtable_type grpc_authorization_policy_provider_arg_vtable_import;
#define grpc_authorization_policy_provider_arg_vtable grpc_authorization_policy_provider_arg_vtable_import
typedef grpc_channel*(*grpc_insecure_channel_create_from_fd_type)(const char* target, int fd, const grpc_channel_args* args);
extern grpc_insecure_channel_create_from_fd_type grpc_insecure_channel_create_from_fd_import;
#define grpc_insecure_channel_create_from_fd grpc_insecure_channel_create_from_fd_import
@ -521,6 +524,12 @@ extern grpc_xds_credentials_create_type grpc_xds_credentials_create_import;
typedef grpc_server_credentials*(*grpc_xds_server_credentials_create_type)(grpc_server_credentials* fallback_credentials);
extern grpc_xds_server_credentials_create_type grpc_xds_server_credentials_create_import;
#define grpc_xds_server_credentials_create grpc_xds_server_credentials_create_import
typedef grpc_authorization_policy_provider*(*grpc_authorization_policy_provider_static_data_create_type)(const char* authz_policy, grpc_status_code* code, const char** error_details);
extern grpc_authorization_policy_provider_static_data_create_type grpc_authorization_policy_provider_static_data_create_import;
#define grpc_authorization_policy_provider_static_data_create grpc_authorization_policy_provider_static_data_create_import
typedef void(*grpc_authorization_policy_provider_release_type)(grpc_authorization_policy_provider* provider);
extern grpc_authorization_policy_provider_release_type grpc_authorization_policy_provider_release_import;
#define grpc_authorization_policy_provider_release grpc_authorization_policy_provider_release_import
typedef grpc_byte_buffer*(*grpc_raw_byte_buffer_create_type)(grpc_slice* slices, size_t nslices);
extern grpc_raw_byte_buffer_create_type grpc_raw_byte_buffer_create_import;
#define grpc_raw_byte_buffer_create grpc_raw_byte_buffer_create_import

@ -117,9 +117,8 @@ grpc_cc_test(
deps = [
"//:gpr",
"//:grpc",
"//:grpc_rbac_engine",
"//:grpc_secure",
"//test/core/util:grpc_test_util",
"//test/core/util:grpc_test_util_base",
],
)
@ -451,3 +450,16 @@ grpc_cc_test(
"//test/core/util:grpc_test_util",
],
)
grpc_cc_test(
name = "grpc_authorization_policy_provider_test",
srcs = ["grpc_authorization_policy_provider_test.cc"],
external_deps = ["gtest"],
language = "C++",
deps = [
"//:gpr",
"//:grpc",
"//:grpc_authorization_provider",
"//test/core/util:grpc_test_util",
],
)

@ -0,0 +1,62 @@
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <grpc/support/port_platform.h>
#include <gmock/gmock.h>
#include <grpc/grpc_security.h>
#include <gtest/gtest.h>
#include "src/core/lib/security/authorization/grpc_authorization_engine.h"
#include "src/core/lib/security/authorization/grpc_authorization_policy_provider.h"
#include "test/core/util/test_config.h"
namespace grpc_core {
TEST(AuthorizationPolicyProviderTest, StaticDataInitializationSuccessful) {
const char* authz_policy =
"{"
" \"name\": \"authz\","
" \"allow_rules\": ["
" {"
" \"name\": \"allow_policy\""
" }"
" ]"
"}";
auto provider = StaticDataAuthorizationPolicyProvider::Create(authz_policy);
ASSERT_TRUE(provider.ok());
auto* allow_engine =
dynamic_cast<GrpcAuthorizationEngine*>((*provider)->allow_engine().get());
ASSERT_NE(allow_engine, nullptr);
EXPECT_EQ(allow_engine->action(), Rbac::Action::kAllow);
auto* deny_engine =
dynamic_cast<GrpcAuthorizationEngine*>((*provider)->deny_engine().get());
ASSERT_NE(deny_engine, nullptr);
EXPECT_EQ(deny_engine->action(), Rbac::Action::kDeny);
}
TEST(AuthorizationPolicyProviderTest,
StaticDataInitializationFailedInvalidPolicy) {
const char* authz_policy = "{}";
auto provider = StaticDataAuthorizationPolicyProvider::Create(authz_policy);
EXPECT_EQ(provider.status().code(), absl::StatusCode::kInvalidArgument);
EXPECT_EQ(provider.status().message(), "\"name\" field is not present.");
}
} // namespace grpc_core
int main(int argc, char** argv) {
::testing::InitGoogleTest(&argc, argv);
return RUN_ALL_TESTS();
}
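Review bot: Neither test exercises the C wrappers `grpc_authorization_policy_provider_static_data_create` and `grpc_authorization_policy_provider_release` introduced in this commit, so the `code`/`error_details` translation and the ownership of the returned `error_details` string are unverified. I would add a test for the failure path that also frees the string as the header requires (`gpr_free` needs `<grpc/support/alloc.h>`). The file includes `test/core/util/test_config.h` but, unlike the C++ test in this commit, `main` does not create a `grpc::testing::TestEnvironment`; either use it or drop the include.

```cpp
TEST(AuthorizationPolicyProviderTest, CApiReportsErrorDetailsOnInvalidPolicy) {
  grpc_status_code code = GRPC_STATUS_OK;
  const char* error_details = nullptr;
  grpc_authorization_policy_provider* provider =
      grpc_authorization_policy_provider_static_data_create("{}", &code,
                                                            &error_details);
  EXPECT_EQ(provider, nullptr);
  EXPECT_EQ(code, GRPC_STATUS_INVALID_ARGUMENT);
  ASSERT_NE(error_details, nullptr);
  EXPECT_STREQ(error_details, "\"name\" field is not present.");
  gpr_free(const_cast<char*>(error_details));
  // … unchanged: remaining tests and main …
}
```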

@ -123,6 +123,7 @@ grpc_cc_test(
deps = [
"//:gpr",
"//:grpc",
"//:grpc_authorization_provider",
"//test/core/util:grpc_test_util",
],
)

@ -153,6 +153,7 @@ int main(int argc, char **argv) {
printf("%lx", (unsigned long) grpc_channelz_get_channel);
printf("%lx", (unsigned long) grpc_channelz_get_subchannel);
printf("%lx", (unsigned long) grpc_channelz_get_socket);
printf("%lx", (unsigned long) grpc_authorization_policy_provider_arg_vtable);
printf("%lx", (unsigned long) grpc_auth_property_iterator_next);
printf("%lx", (unsigned long) grpc_auth_context_property_iterator);
printf("%lx", (unsigned long) grpc_auth_context_peer_identity);
@ -226,6 +227,8 @@ int main(int argc, char **argv) {
printf("%lx", (unsigned long) grpc_tls_server_authorization_check_config_release);
printf("%lx", (unsigned long) grpc_xds_credentials_create);
printf("%lx", (unsigned long) grpc_xds_server_credentials_create);
printf("%lx", (unsigned long) grpc_authorization_policy_provider_static_data_create);
printf("%lx", (unsigned long) grpc_authorization_policy_provider_release);
printf("%lx", (unsigned long) grpc_raw_byte_buffer_create);
printf("%lx", (unsigned long) grpc_raw_compressed_byte_buffer_create);
printf("%lx", (unsigned long) grpc_byte_buffer_copy);

@ -78,3 +78,18 @@ grpc_cc_test(
"//test/core/util:grpc_test_util",
],
)
grpc_cc_test(
name = "authorization_policy_provider_test",
srcs = ["authorization_policy_provider_test.cc"],
external_deps = [
"gtest",
],
deps = [
"//:gpr",
"//:grpc",
"//:grpc++",
"//:grpc++_authorization_provider",
"//test/core/util:grpc_test_util",
],
)

@ -0,0 +1,57 @@
// Copyright 2021 gRPC authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include <grpcpp/security/authorization_policy_provider.h>
#include <gtest/gtest.h>
#include "test/core/util/test_config.h"
namespace grpc {
TEST(AuthorizationPolicyProviderTest, StaticDataCreateReturnsProvider) {
const char* authz_policy =
"{"
" \"name\": \"authz\","
" \"allow_rules\": ["
" {"
" \"name\": \"allow_policy\""
" }"
" ]"
"}";
grpc::Status status;
auto provider = experimental::StaticDataAuthorizationPolicyProvider::Create(
authz_policy, &status);
ASSERT_NE(provider, nullptr);
EXPECT_NE(provider->c_provider(), nullptr);
EXPECT_TRUE(status.ok());
EXPECT_TRUE(status.error_message().empty());
}
TEST(AuthorizationPolicyProviderTest, StaticDataCreateReturnsErrorStatus) {
const char* authz_policy = "{}";
grpc::Status status;
auto provider = experimental::StaticDataAuthorizationPolicyProvider::Create(
authz_policy, &status);
ASSERT_EQ(provider, nullptr);
EXPECT_EQ(status.error_code(), grpc::StatusCode::INVALID_ARGUMENT);
EXPECT_EQ(status.error_message(), "\"name\" field is not present.");
}
} // namespace grpc
int main(int argc, char** argv) {
::testing::InitGoogleTest(&argc, argv);
grpc::testing::TestEnvironment env(argc, argv);
return RUN_ALL_TESTS();
}
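Review bot: In `StaticDataCreateReturnsProvider` the `ASSERT_NE(provider, nullptr)` runs before the status is inspected, so a failing create aborts the test without printing the reason the C layer reported. I would check the status first and attach its message: `ASSERT_TRUE(status.ok()) << status.error_message();` followed by `ASSERT_NE(provider, nullptr);`. A third test that the provider can actually be handed to `ServerBuilder::experimental().SetAuthorizationPolicyProvider` and survives `BuildChannelArgs` would cover the ref-taking vtable path this commit adds, which nothing here exercises.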

@ -1013,6 +1013,7 @@ include/grpcpp/impl/service_type.h \
include/grpcpp/resource_quota.h \
include/grpcpp/security/auth_context.h \
include/grpcpp/security/auth_metadata_processor.h \
include/grpcpp/security/authorization_policy_provider.h \
include/grpcpp/security/credentials.h \
include/grpcpp/security/server_credentials.h \
include/grpcpp/security/tls_certificate_provider.h \

@ -1013,6 +1013,7 @@ include/grpcpp/impl/service_type.h \
include/grpcpp/resource_quota.h \
include/grpcpp/security/auth_context.h \
include/grpcpp/security/auth_metadata_processor.h \
include/grpcpp/security/authorization_policy_provider.h \
include/grpcpp/security/credentials.h \
include/grpcpp/security/server_credentials.h \
include/grpcpp/security/tls_certificate_provider.h \
@ -1955,6 +1956,11 @@ src/core/lib/matchers/matchers.h \
src/core/lib/profiling/basic_timers.cc \
src/core/lib/profiling/stap_timers.cc \
src/core/lib/profiling/timers.h \
src/core/lib/security/authorization/authorization_engine.h \
src/core/lib/security/authorization/authorization_policy_provider.h \
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \
src/core/lib/security/authorization/evaluate_args.cc \
src/core/lib/security/authorization/evaluate_args.h \
src/core/lib/security/context/security_context.cc \
src/core/lib/security/context/security_context.h \
src/core/lib/security/credentials/alts/alts_credentials.cc \

@ -1795,6 +1795,11 @@ src/core/lib/matchers/matchers.h \
src/core/lib/profiling/basic_timers.cc \
src/core/lib/profiling/stap_timers.cc \
src/core/lib/profiling/timers.h \
src/core/lib/security/authorization/authorization_engine.h \
src/core/lib/security/authorization/authorization_policy_provider.h \
src/core/lib/security/authorization/authorization_policy_provider_vtable.cc \
src/core/lib/security/authorization/evaluate_args.cc \
src/core/lib/security/authorization/evaluate_args.h \
src/core/lib/security/context/security_context.cc \
src/core/lib/security/context/security_context.h \
src/core/lib/security/credentials/alts/alts_credentials.cc \

@ -3309,6 +3309,30 @@
],
"uses_polling": true
},
{
"args": [],
"benchmark": false,
"ci_platforms": [
"linux",
"mac",
"posix",
"windows"
],
"cpu_cost": 1.0,
"exclude_configs": [],
"exclude_iomgrs": [],
"flaky": false,
"gtest": true,
"language": "c++",
"name": "authorization_policy_provider_test",
"platforms": [
"linux",
"mac",
"posix",
"windows"
],
"uses_polling": true
},
{
"args": [],
"benchmark": false,
@ -4675,6 +4699,30 @@
],
"uses_polling": true
},
{
"args": [],
"benchmark": false,
"ci_platforms": [
"linux",
"mac",
"posix",
"windows"
],
"cpu_cost": 1.0,
"exclude_configs": [],
"exclude_iomgrs": [],
"flaky": false,
"gtest": true,
"language": "c++",
"name": "grpc_authorization_policy_provider_test",
"platforms": [
"linux",
"mac",
"posix",
"windows"
],
"uses_polling": true
},
{
"args": [],
"benchmark": false,
