grpc 1.30.1 → 1.32.0.pre1

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (676) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +723 -15910
  3. data/include/grpc/grpc_security.h +31 -14
  4. data/include/grpc/grpc_security_constants.h +3 -0
  5. data/include/grpc/impl/codegen/README.md +22 -0
  6. data/include/grpc/impl/codegen/grpc_types.h +7 -5
  7. data/include/grpc/impl/codegen/port_platform.h +6 -33
  8. data/src/core/ext/filters/client_channel/backend_metric.cc +12 -9
  9. data/src/core/ext/filters/client_channel/backup_poller.cc +3 -2
  10. data/src/core/ext/filters/client_channel/client_channel.cc +470 -285
  11. data/src/core/ext/filters/client_channel/client_channel.h +1 -1
  12. data/src/core/ext/filters/client_channel/client_channel_channelz.h +0 -3
  13. data/src/core/ext/filters/client_channel/config_selector.cc +62 -0
  14. data/src/core/ext/filters/client_channel/config_selector.h +93 -0
  15. data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -2
  16. data/src/core/ext/filters/client_channel/health/health_check_client.cc +8 -1
  17. data/src/core/ext/filters/client_channel/http_connect_handshaker.cc +8 -8
  18. data/src/core/ext/filters/client_channel/http_proxy.cc +6 -4
  19. data/src/core/ext/filters/client_channel/lb_policy.h +4 -0
  20. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +6 -4
  21. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +59 -36
  22. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -13
  23. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.h +0 -3
  24. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_channel_secure.cc +1 -37
  25. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +19 -13
  26. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +29 -10
  27. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +5 -4
  28. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +4 -6
  29. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +23 -13
  30. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +18 -12
  31. data/src/core/ext/filters/client_channel/lb_policy/xds/eds.cc +22 -14
  32. data/src/core/ext/filters/client_channel/lb_policy/xds/lrs.cc +18 -9
  33. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_routing.cc +385 -78
  34. data/src/core/ext/filters/client_channel/lb_policy_registry.cc +4 -5
  35. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +5 -2
  36. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver.cc +6 -5
  37. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_libuv.cc +8 -6
  38. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +9 -7
  39. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +7 -5
  40. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +36 -51
  41. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_libuv.cc +1 -1
  42. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper_windows.cc +1 -1
  43. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +6 -2
  44. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -1
  45. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +1 -1
  46. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +383 -31
  47. data/src/core/ext/filters/client_channel/resolver_registry.cc +13 -14
  48. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +6 -7
  49. data/src/core/ext/filters/client_channel/resolver_result_parsing.h +0 -1
  50. data/src/core/ext/filters/client_channel/resolving_lb_policy.cc +38 -32
  51. data/src/core/ext/filters/client_channel/resolving_lb_policy.h +39 -20
  52. data/src/core/ext/filters/client_channel/server_address.cc +40 -7
  53. data/src/core/ext/filters/client_channel/server_address.h +42 -4
  54. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +142 -0
  55. data/src/core/ext/filters/client_channel/subchannel.cc +65 -24
  56. data/src/core/ext/filters/client_channel/subchannel.h +16 -4
  57. data/src/core/ext/filters/http/client/http_client_filter.cc +5 -5
  58. data/src/core/ext/filters/http/http_filters_plugin.cc +2 -1
  59. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +74 -33
  60. data/src/core/ext/filters/http/message_compress/message_decompress_filter.h +3 -1
  61. data/src/core/ext/filters/max_age/max_age_filter.cc +2 -1
  62. data/src/core/ext/filters/message_size/message_size_filter.cc +56 -80
  63. data/src/core/ext/filters/message_size/message_size_filter.h +6 -0
  64. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +87 -31
  65. data/src/core/ext/transport/chttp2/client/chttp2_connector.h +18 -1
  66. data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +10 -35
  67. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +378 -348
  68. data/src/core/ext/transport/chttp2/server/chttp2_server.h +7 -2
  69. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2.cc +3 -3
  70. data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +10 -16
  71. data/src/core/ext/transport/chttp2/server/secure/server_secure_chttp2.cc +9 -9
  72. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +256 -279
  73. data/src/core/ext/transport/chttp2/transport/flow_control.cc +23 -28
  74. data/src/core/ext/transport/chttp2/transport/flow_control.h +14 -16
  75. data/src/core/ext/transport/chttp2/transport/frame_data.cc +9 -12
  76. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +4 -6
  77. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +5 -6
  78. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +12 -13
  79. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +8 -9
  80. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +9 -12
  81. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +25 -29
  82. data/src/core/ext/transport/chttp2/transport/hpack_table.cc +13 -17
  83. data/src/core/ext/transport/chttp2/transport/internal.h +18 -1
  84. data/src/core/ext/transport/chttp2/transport/parsing.cc +34 -71
  85. data/src/core/ext/transport/chttp2/transport/writing.cc +15 -19
  86. data/src/core/ext/transport/inproc/inproc_transport.cc +47 -27
  87. data/src/core/ext/upb-generated/envoy/annotations/deprecation.upb.h +0 -1
  88. data/src/core/ext/upb-generated/envoy/annotations/resource.upb.h +3 -4
  89. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.c +224 -0
  90. data/src/core/ext/upb-generated/envoy/config/accesslog/v3/accesslog.upb.h +700 -0
  91. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.c +74 -0
  92. data/src/core/ext/upb-generated/envoy/config/cluster/v3/circuit_breaker.upb.h +226 -0
  93. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.c +380 -0
  94. data/src/core/ext/upb-generated/envoy/config/cluster/v3/cluster.upb.h +1378 -0
  95. data/src/core/ext/upb-generated/envoy/{api/v2/cluster → config/cluster/v3}/filter.upb.c +8 -8
  96. data/src/core/ext/upb-generated/envoy/config/cluster/v3/filter.upb.h +69 -0
  97. data/src/core/ext/upb-generated/envoy/{api/v2/cluster → config/cluster/v3}/outlier_detection.upb.c +8 -8
  98. data/src/core/ext/upb-generated/envoy/config/cluster/v3/outlier_detection.upb.h +323 -0
  99. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.c +112 -0
  100. data/src/core/ext/upb-generated/envoy/config/core/v3/address.upb.h +334 -0
  101. data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/backoff.upb.c +8 -8
  102. data/src/core/ext/upb-generated/envoy/config/core/v3/backoff.upb.h +79 -0
  103. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.c +309 -0
  104. data/src/core/ext/upb-generated/envoy/config/core/v3/base.upb.h +869 -0
  105. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.c +96 -0
  106. data/src/core/ext/upb-generated/envoy/config/core/v3/config_source.upb.h +328 -0
  107. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.c +34 -0
  108. data/src/core/ext/upb-generated/envoy/config/core/v3/event_service_config.upb.h +71 -0
  109. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.c +195 -0
  110. data/src/core/ext/upb-generated/envoy/config/core/v3/grpc_service.upb.h +634 -0
  111. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.c +170 -0
  112. data/src/core/ext/upb-generated/envoy/config/core/v3/health_check.upb.h +684 -0
  113. data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/http_uri.upb.c +8 -8
  114. data/src/core/ext/upb-generated/envoy/config/core/v3/http_uri.upb.h +80 -0
  115. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +152 -0
  116. data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +536 -0
  117. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.c +28 -0
  118. data/src/core/ext/upb-generated/envoy/config/core/v3/proxy_protocol.upb.h +58 -0
  119. data/src/core/ext/upb-generated/envoy/{api/v2/core → config/core/v3}/socket_option.upb.c +6 -6
  120. data/src/core/ext/upb-generated/envoy/config/core/v3/socket_option.upb.h +88 -0
  121. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.c +91 -0
  122. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint.upb.h +220 -0
  123. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.c +91 -0
  124. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/endpoint_components.upb.h +273 -0
  125. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.c +112 -0
  126. data/src/core/ext/upb-generated/envoy/config/endpoint/v3/load_report.upb.h +332 -0
  127. data/src/core/ext/upb-generated/envoy/config/listener/{v2 → v3}/api_listener.upb.c +8 -8
  128. data/src/core/ext/upb-generated/envoy/config/listener/v3/api_listener.upb.h +65 -0
  129. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.c +108 -0
  130. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener.upb.h +401 -0
  131. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.c +138 -0
  132. data/src/core/ext/upb-generated/envoy/config/listener/v3/listener_components.upb.h +490 -0
  133. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.c +41 -0
  134. data/src/core/ext/upb-generated/envoy/config/listener/v3/udp_listener_config.upb.h +94 -0
  135. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.c +174 -0
  136. data/src/core/ext/upb-generated/envoy/config/rbac/v3/rbac.upb.h +599 -0
  137. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.c +63 -0
  138. data/src/core/ext/upb-generated/envoy/config/route/v3/route.upb.h +204 -0
  139. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +773 -0
  140. data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +2855 -0
  141. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.c +59 -0
  142. data/src/core/ext/upb-generated/envoy/config/route/v3/scoped_route.upb.h +135 -0
  143. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.c +50 -0
  144. data/src/core/ext/upb-generated/envoy/config/trace/v3/http_tracer.upb.h +108 -0
  145. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +312 -0
  146. data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +1125 -0
  147. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.c +20 -0
  148. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/cert.upb.h +34 -0
  149. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.c +111 -0
  150. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/common.upb.h +401 -0
  151. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.c +72 -0
  152. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/secret.upb.h +198 -0
  153. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.c +105 -0
  154. data/src/core/ext/upb-generated/envoy/extensions/transport_sockets/tls/v3/tls.upb.h +388 -0
  155. data/src/core/ext/upb-generated/envoy/{api/v2 → service/cluster/v3}/cds.upb.c +5 -6
  156. data/src/core/ext/upb-generated/envoy/service/cluster/v3/cds.upb.h +49 -0
  157. data/src/core/ext/upb-generated/envoy/service/discovery/{v2 → v3}/ads.upb.c +5 -4
  158. data/src/core/ext/upb-generated/envoy/service/discovery/v3/ads.upb.h +49 -0
  159. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.c +129 -0
  160. data/src/core/ext/upb-generated/envoy/service/discovery/v3/discovery.upb.h +386 -0
  161. data/src/core/ext/upb-generated/envoy/{api/v2 → service/endpoint/v3}/eds.upb.c +5 -6
  162. data/src/core/ext/upb-generated/envoy/service/endpoint/v3/eds.upb.h +49 -0
  163. data/src/core/ext/upb-generated/envoy/{api/v2 → service/listener/v3}/lds.upb.c +5 -6
  164. data/src/core/ext/upb-generated/envoy/service/listener/v3/lds.upb.h +49 -0
  165. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.c +55 -0
  166. data/src/core/ext/upb-generated/envoy/service/load_stats/v3/lrs.upb.h +136 -0
  167. data/src/core/ext/upb-generated/envoy/{api/v2 → service/route/v3}/rds.upb.c +5 -6
  168. data/src/core/ext/upb-generated/envoy/service/route/v3/rds.upb.h +49 -0
  169. data/src/core/ext/upb-generated/envoy/{api/v2 → service/route/v3}/srds.upb.c +5 -6
  170. data/src/core/ext/upb-generated/envoy/service/route/v3/srds.upb.h +49 -0
  171. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.c +47 -0
  172. data/src/core/ext/upb-generated/envoy/type/matcher/v3/metadata.upb.h +114 -0
  173. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.c +35 -0
  174. data/src/core/ext/upb-generated/envoy/type/matcher/v3/number.upb.h +77 -0
  175. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.c +34 -0
  176. data/src/core/ext/upb-generated/envoy/type/matcher/v3/path.upb.h +71 -0
  177. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.c +64 -0
  178. data/src/core/ext/upb-generated/envoy/type/matcher/v3/regex.upb.h +145 -0
  179. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.c +53 -0
  180. data/src/core/ext/upb-generated/envoy/type/matcher/v3/string.upb.h +127 -0
  181. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.c +63 -0
  182. data/src/core/ext/upb-generated/envoy/type/matcher/v3/value.upb.h +188 -0
  183. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.c +88 -0
  184. data/src/core/ext/upb-generated/envoy/type/metadata/v3/metadata.upb.h +258 -0
  185. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.c +90 -0
  186. data/src/core/ext/upb-generated/envoy/type/tracing/v3/custom_tag.upb.h +250 -0
  187. data/src/core/ext/upb-generated/envoy/type/{http.upb.c → v3/http.upb.c} +2 -2
  188. data/src/core/ext/upb-generated/envoy/type/{http.upb.h → v3/http.upb.h} +8 -9
  189. data/src/core/ext/upb-generated/envoy/type/{percent.upb.c → v3/percent.upb.c} +9 -8
  190. data/src/core/ext/upb-generated/envoy/type/v3/percent.upb.h +86 -0
  191. data/src/core/ext/upb-generated/envoy/type/{range.upb.c → v3/range.upb.c} +12 -11
  192. data/src/core/ext/upb-generated/envoy/type/v3/range.upb.h +111 -0
  193. data/src/core/ext/upb-generated/envoy/type/{semantic_version.upb.c → v3/semantic_version.upb.c} +6 -5
  194. data/src/core/ext/upb-generated/envoy/type/v3/semantic_version.upb.h +61 -0
  195. data/src/core/ext/upb-generated/gogoproto/gogo.upb.h +0 -1
  196. data/src/core/ext/upb-generated/google/api/annotations.upb.h +0 -1
  197. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.c +234 -0
  198. data/src/core/ext/upb-generated/google/api/expr/v1alpha1/syntax.upb.h +759 -0
  199. data/src/core/ext/upb-generated/google/api/http.upb.h +29 -28
  200. data/src/core/ext/upb-generated/google/protobuf/any.upb.h +5 -6
  201. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.c +39 -39
  202. data/src/core/ext/upb-generated/google/protobuf/descriptor.upb.h +412 -386
  203. data/src/core/ext/upb-generated/google/protobuf/duration.upb.h +5 -6
  204. data/src/core/ext/upb-generated/google/protobuf/empty.upb.h +1 -2
  205. data/src/core/ext/upb-generated/google/protobuf/struct.upb.c +1 -1
  206. data/src/core/ext/upb-generated/google/protobuf/struct.upb.h +34 -55
  207. data/src/core/ext/upb-generated/google/protobuf/timestamp.upb.h +5 -6
  208. data/src/core/ext/upb-generated/google/protobuf/wrappers.upb.h +27 -28
  209. data/src/core/ext/upb-generated/google/rpc/status.upb.h +8 -8
  210. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.c +1 -1
  211. data/src/core/ext/upb-generated/src/proto/grpc/gcp/altscontext.upb.h +32 -45
  212. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.c +4 -4
  213. data/src/core/ext/upb-generated/src/proto/grpc/gcp/handshaker.upb.h +157 -178
  214. data/src/core/ext/upb-generated/src/proto/grpc/gcp/transport_security_common.upb.h +14 -13
  215. data/src/core/ext/upb-generated/src/proto/grpc/health/v1/health.upb.h +6 -7
  216. data/src/core/ext/upb-generated/src/proto/grpc/lb/v1/load_balancer.upb.h +59 -56
  217. data/src/core/ext/upb-generated/udpa/annotations/migrate.upb.h +11 -12
  218. data/src/core/ext/upb-generated/udpa/annotations/sensitive.upb.h +0 -1
  219. data/src/core/ext/upb-generated/udpa/annotations/status.upb.h +5 -6
  220. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.c +27 -0
  221. data/src/core/ext/upb-generated/udpa/annotations/versioning.upb.h +53 -0
  222. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.c +6 -6
  223. data/src/core/ext/upb-generated/udpa/data/orca/v1/orca_load_report.upb.h +41 -68
  224. data/src/core/ext/upb-generated/validate/validate.upb.c +11 -11
  225. data/src/core/ext/upb-generated/validate/validate.upb.h +537 -536
  226. data/src/core/ext/xds/xds_api.cc +2388 -0
  227. data/src/core/ext/{filters/client_channel/xds → xds}/xds_api.h +120 -40
  228. data/src/core/ext/{filters/client_channel/xds → xds}/xds_bootstrap.cc +56 -25
  229. data/src/core/ext/{filters/client_channel/xds → xds}/xds_bootstrap.h +8 -3
  230. data/src/core/ext/{filters/client_channel/xds → xds}/xds_channel.h +4 -4
  231. data/src/core/ext/{filters/client_channel/xds → xds}/xds_channel_args.h +3 -3
  232. data/src/core/ext/{filters/client_channel/xds → xds}/xds_channel_secure.cc +2 -5
  233. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client.cc +94 -347
  234. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client.h +12 -45
  235. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client_stats.cc +2 -2
  236. data/src/core/ext/{filters/client_channel/xds → xds}/xds_client_stats.h +13 -13
  237. data/src/core/lib/channel/channel_trace.cc +2 -6
  238. data/src/core/lib/channel/channelz.cc +19 -30
  239. data/src/core/lib/channel/channelz.h +1 -1
  240. data/src/core/lib/channel/channelz_registry.cc +3 -1
  241. data/src/core/lib/gpr/log_linux.cc +6 -8
  242. data/src/core/lib/gpr/log_posix.cc +6 -8
  243. data/src/core/lib/gpr/string.cc +10 -9
  244. data/src/core/lib/gpr/string.h +4 -2
  245. data/src/core/lib/gpr/sync_posix.cc +2 -8
  246. data/src/core/lib/gprpp/global_config_env.cc +8 -6
  247. data/src/core/lib/http/httpcli.cc +13 -10
  248. data/src/core/lib/http/httpcli_security_connector.cc +5 -5
  249. data/src/core/lib/iomgr/cfstream_handle.cc +1 -0
  250. data/src/core/lib/iomgr/endpoint.cc +5 -1
  251. data/src/core/lib/iomgr/endpoint.h +7 -3
  252. data/src/core/lib/iomgr/endpoint_cfstream.cc +32 -11
  253. data/src/core/lib/iomgr/endpoint_pair_posix.cc +10 -10
  254. data/src/core/lib/iomgr/error_cfstream.cc +9 -8
  255. data/src/core/lib/iomgr/ev_epoll1_linux.cc +5 -6
  256. data/src/core/lib/iomgr/ev_epollex_linux.cc +15 -21
  257. data/src/core/lib/iomgr/ev_poll_posix.cc +6 -5
  258. data/src/core/lib/iomgr/is_epollexclusive_available.cc +14 -0
  259. data/src/core/{ext/filters/client_channel → lib/iomgr}/parse_address.cc +1 -1
  260. data/src/core/{ext/filters/client_channel → lib/iomgr}/parse_address.h +3 -3
  261. data/src/core/lib/iomgr/port.h +1 -21
  262. data/src/core/lib/iomgr/resolve_address_custom.cc +13 -18
  263. data/src/core/lib/iomgr/resolve_address_windows.cc +8 -8
  264. data/src/core/lib/iomgr/resource_quota.cc +34 -31
  265. data/src/core/lib/iomgr/sockaddr_utils.cc +9 -6
  266. data/src/core/lib/iomgr/sockaddr_utils.h +3 -2
  267. data/src/core/lib/iomgr/socket_utils_common_posix.cc +95 -55
  268. data/src/core/lib/iomgr/socket_windows.cc +4 -5
  269. data/src/core/lib/iomgr/tcp_client_cfstream.cc +9 -11
  270. data/src/core/lib/iomgr/tcp_client_custom.cc +6 -9
  271. data/src/core/lib/iomgr/tcp_client_posix.cc +27 -36
  272. data/src/core/lib/iomgr/tcp_client_windows.cc +9 -9
  273. data/src/core/lib/iomgr/tcp_custom.cc +33 -17
  274. data/src/core/lib/iomgr/tcp_custom.h +1 -1
  275. data/src/core/lib/iomgr/tcp_posix.cc +31 -13
  276. data/src/core/lib/iomgr/tcp_server.cc +3 -4
  277. data/src/core/lib/iomgr/tcp_server.h +7 -5
  278. data/src/core/lib/iomgr/tcp_server_custom.cc +6 -14
  279. data/src/core/lib/iomgr/tcp_server_posix.cc +34 -41
  280. data/src/core/lib/iomgr/tcp_server_utils_posix.h +3 -4
  281. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +5 -7
  282. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +4 -9
  283. data/src/core/lib/iomgr/tcp_server_windows.cc +16 -16
  284. data/src/core/lib/iomgr/tcp_windows.cc +26 -10
  285. data/src/core/lib/iomgr/timer_generic.cc +13 -12
  286. data/src/core/lib/iomgr/udp_server.cc +24 -23
  287. data/src/core/lib/iomgr/udp_server.h +5 -2
  288. data/src/core/lib/iomgr/unix_sockets_posix.cc +9 -14
  289. data/src/core/lib/iomgr/unix_sockets_posix.h +3 -1
  290. data/src/core/lib/iomgr/unix_sockets_posix_noop.cc +5 -2
  291. data/src/core/lib/json/json_reader.cc +20 -21
  292. data/src/core/lib/security/authorization/authorization_engine.cc +177 -0
  293. data/src/core/lib/security/authorization/authorization_engine.h +84 -0
  294. data/src/core/lib/security/authorization/evaluate_args.cc +153 -0
  295. data/src/core/lib/security/authorization/evaluate_args.h +59 -0
  296. data/src/core/lib/security/authorization/mock_cel/activation.h +57 -0
  297. data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +42 -0
  298. data/src/core/lib/security/authorization/mock_cel/cel_expression.h +68 -0
  299. data/src/core/lib/security/authorization/mock_cel/cel_value.h +93 -0
  300. data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +67 -0
  301. data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +56 -0
  302. data/src/core/lib/security/authorization/mock_cel/statusor.h +50 -0
  303. data/src/core/lib/security/credentials/credentials.h +5 -3
  304. data/src/core/lib/security/credentials/google_default/credentials_generic.cc +8 -6
  305. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +64 -43
  306. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +7 -4
  307. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +19 -28
  308. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +6 -6
  309. data/src/core/lib/security/credentials/ssl/ssl_credentials.cc +20 -0
  310. data/src/core/lib/security/credentials/ssl/ssl_credentials.h +10 -0
  311. data/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h +10 -0
  312. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +11 -12
  313. data/src/core/lib/security/security_connector/security_connector.cc +2 -0
  314. data/src/core/lib/security/security_connector/security_connector.h +1 -1
  315. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +18 -11
  316. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.h +5 -0
  317. data/src/core/lib/security/security_connector/ssl_utils.cc +44 -23
  318. data/src/core/lib/security/security_connector/ssl_utils.h +6 -2
  319. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +27 -24
  320. data/src/core/lib/security/transport/client_auth_filter.cc +10 -9
  321. data/src/core/lib/security/transport/secure_endpoint.cc +7 -1
  322. data/src/core/lib/security/util/json_util.cc +12 -13
  323. data/src/core/lib/slice/slice.cc +38 -1
  324. data/src/core/lib/slice/slice_internal.h +1 -0
  325. data/src/core/lib/surface/call.cc +52 -53
  326. data/src/core/lib/surface/call.h +2 -1
  327. data/src/core/lib/surface/channel.cc +28 -20
  328. data/src/core/lib/surface/channel.h +12 -2
  329. data/src/core/lib/surface/completion_queue.cc +0 -5
  330. data/src/core/lib/surface/init.cc +1 -1
  331. data/src/core/lib/surface/server.cc +1102 -1347
  332. data/src/core/lib/surface/server.h +369 -71
  333. data/src/core/lib/surface/version.cc +2 -2
  334. data/src/core/lib/transport/authority_override.cc +38 -0
  335. data/src/core/lib/transport/authority_override.h +32 -0
  336. data/src/core/lib/transport/connectivity_state.cc +18 -13
  337. data/src/core/lib/transport/connectivity_state.h +18 -6
  338. data/src/core/lib/transport/error_utils.cc +13 -0
  339. data/src/core/lib/transport/error_utils.h +6 -0
  340. data/src/core/lib/transport/static_metadata.cc +295 -276
  341. data/src/core/lib/transport/static_metadata.h +80 -73
  342. data/src/core/lib/transport/transport.h +13 -0
  343. data/src/core/lib/uri/uri_parser.cc +30 -35
  344. data/src/core/lib/uri/uri_parser.h +3 -1
  345. data/src/core/plugin_registry/grpc_plugin_registry.cc +4 -0
  346. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +23 -13
  347. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +24 -0
  348. data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +2 -0
  349. data/src/core/tsi/ssl_transport_security.cc +102 -11
  350. data/src/core/tsi/ssl_transport_security.h +14 -2
  351. data/src/core/tsi/transport_security_interface.h +5 -0
  352. data/src/ruby/bin/math_services_pb.rb +4 -4
  353. data/src/ruby/ext/grpc/extconf.rb +5 -2
  354. data/src/ruby/ext/grpc/rb_call.c +3 -2
  355. data/src/ruby/ext/grpc/rb_call.h +4 -0
  356. data/src/ruby/ext/grpc/rb_call_credentials.c +54 -10
  357. data/src/ruby/ext/grpc/rb_channel_credentials.c +9 -0
  358. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -2
  359. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +4 -4
  360. data/src/ruby/lib/grpc/generic/client_stub.rb +1 -1
  361. data/src/ruby/lib/grpc/generic/interceptors.rb +1 -1
  362. data/src/ruby/lib/grpc/version.rb +1 -1
  363. data/src/ruby/pb/grpc/health/v1/health_services_pb.rb +2 -2
  364. data/src/ruby/pb/src/proto/grpc/testing/messages_pb.rb +5 -0
  365. data/src/ruby/pb/src/proto/grpc/testing/test_services_pb.rb +28 -12
  366. data/src/ruby/spec/channel_credentials_spec.rb +10 -0
  367. data/src/ruby/spec/generic/active_call_spec.rb +19 -8
  368. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_import2.proto +23 -0
  369. data/src/ruby/spec/pb/codegen/grpc/testing/package_options_ruby_style.proto +2 -0
  370. data/src/ruby/spec/pb/codegen/grpc/testing/same_package_service_name.proto +27 -0
  371. data/src/ruby/spec/pb/codegen/grpc/testing/same_ruby_package_service_name.proto +29 -0
  372. data/src/ruby/spec/pb/codegen/package_option_spec.rb +25 -1
  373. data/src/ruby/spec/user_agent_spec.rb +74 -0
  374. data/third_party/abseil-cpp/absl/algorithm/container.h +1727 -0
  375. data/third_party/abseil-cpp/absl/base/internal/direct_mmap.h +161 -0
  376. data/third_party/abseil-cpp/absl/base/internal/exponential_biased.cc +93 -0
  377. data/third_party/abseil-cpp/absl/base/internal/exponential_biased.h +130 -0
  378. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.cc +620 -0
  379. data/third_party/abseil-cpp/absl/base/internal/low_level_alloc.h +126 -0
  380. data/third_party/abseil-cpp/absl/container/fixed_array.h +515 -0
  381. data/third_party/abseil-cpp/absl/container/flat_hash_set.h +503 -0
  382. data/third_party/abseil-cpp/absl/container/internal/common.h +202 -0
  383. data/third_party/abseil-cpp/absl/container/internal/container_memory.h +440 -0
  384. data/third_party/abseil-cpp/absl/container/internal/hash_function_defaults.h +146 -0
  385. data/third_party/abseil-cpp/absl/container/internal/hash_policy_traits.h +191 -0
  386. data/third_party/abseil-cpp/absl/container/internal/hashtable_debug_hooks.h +85 -0
  387. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.cc +269 -0
  388. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler.h +297 -0
  389. data/third_party/abseil-cpp/absl/container/internal/hashtablez_sampler_force_weak_definition.cc +30 -0
  390. data/third_party/abseil-cpp/absl/container/internal/have_sse.h +49 -0
  391. data/third_party/abseil-cpp/absl/container/internal/layout.h +741 -0
  392. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.cc +48 -0
  393. data/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h +1882 -0
  394. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.cc +138 -0
  395. data/third_party/abseil-cpp/absl/debugging/internal/address_is_readable.h +32 -0
  396. data/third_party/abseil-cpp/absl/debugging/internal/demangle.cc +1895 -0
  397. data/third_party/abseil-cpp/absl/debugging/internal/demangle.h +71 -0
  398. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.cc +382 -0
  399. data/third_party/abseil-cpp/absl/debugging/internal/elf_mem_image.h +134 -0
  400. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_aarch64-inl.inc +192 -0
  401. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_arm-inl.inc +125 -0
  402. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_config.h +70 -0
  403. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_generic-inl.inc +99 -0
  404. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_powerpc-inl.inc +248 -0
  405. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_unimplemented-inl.inc +24 -0
  406. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_win32-inl.inc +85 -0
  407. data/third_party/abseil-cpp/absl/debugging/internal/stacktrace_x86-inl.inc +346 -0
  408. data/third_party/abseil-cpp/absl/debugging/internal/symbolize.h +128 -0
  409. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.cc +194 -0
  410. data/third_party/abseil-cpp/absl/debugging/internal/vdso_support.h +158 -0
  411. data/third_party/abseil-cpp/absl/debugging/stacktrace.cc +140 -0
  412. data/third_party/abseil-cpp/absl/debugging/stacktrace.h +231 -0
  413. data/third_party/abseil-cpp/absl/debugging/symbolize.cc +25 -0
  414. data/third_party/abseil-cpp/absl/debugging/symbolize.h +99 -0
  415. data/third_party/abseil-cpp/absl/debugging/symbolize_elf.inc +1480 -0
  416. data/third_party/abseil-cpp/absl/debugging/symbolize_unimplemented.inc +40 -0
  417. data/third_party/abseil-cpp/absl/debugging/symbolize_win32.inc +81 -0
  418. data/third_party/abseil-cpp/absl/functional/function_ref.h +139 -0
  419. data/third_party/abseil-cpp/absl/functional/internal/function_ref.h +106 -0
  420. data/third_party/abseil-cpp/absl/hash/hash.h +324 -0
  421. data/third_party/abseil-cpp/absl/hash/internal/city.cc +346 -0
  422. data/third_party/abseil-cpp/absl/hash/internal/city.h +96 -0
  423. data/third_party/abseil-cpp/absl/hash/internal/hash.cc +55 -0
  424. data/third_party/abseil-cpp/absl/hash/internal/hash.h +988 -0
  425. data/third_party/abseil-cpp/absl/status/status.cc +447 -0
  426. data/third_party/abseil-cpp/absl/status/status.h +428 -0
  427. data/third_party/abseil-cpp/absl/status/status_payload_printer.cc +43 -0
  428. data/third_party/abseil-cpp/absl/status/status_payload_printer.h +51 -0
  429. data/third_party/abseil-cpp/absl/strings/cord.cc +2019 -0
  430. data/third_party/abseil-cpp/absl/strings/cord.h +1121 -0
  431. data/third_party/abseil-cpp/absl/strings/internal/cord_internal.h +151 -0
  432. data/third_party/abseil-cpp/absl/synchronization/barrier.cc +52 -0
  433. data/third_party/abseil-cpp/absl/synchronization/barrier.h +79 -0
  434. data/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc +57 -0
  435. data/third_party/abseil-cpp/absl/synchronization/blocking_counter.h +99 -0
  436. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc +140 -0
  437. data/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.h +60 -0
  438. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.cc +697 -0
  439. data/third_party/abseil-cpp/absl/synchronization/internal/graphcycles.h +141 -0
  440. data/third_party/abseil-cpp/absl/synchronization/internal/kernel_timeout.h +155 -0
  441. data/third_party/abseil-cpp/absl/synchronization/internal/mutex_nonprod.inc +261 -0
  442. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.cc +106 -0
  443. data/third_party/abseil-cpp/absl/synchronization/internal/per_thread_sem.h +115 -0
  444. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.cc +484 -0
  445. data/third_party/abseil-cpp/absl/synchronization/internal/waiter.h +159 -0
  446. data/third_party/abseil-cpp/absl/synchronization/mutex.cc +2728 -0
  447. data/third_party/abseil-cpp/absl/synchronization/mutex.h +1056 -0
  448. data/third_party/abseil-cpp/absl/synchronization/notification.cc +78 -0
  449. data/third_party/abseil-cpp/absl/synchronization/notification.h +123 -0
  450. data/third_party/abseil-cpp/absl/types/bad_variant_access.cc +64 -0
  451. data/third_party/abseil-cpp/absl/types/bad_variant_access.h +82 -0
  452. data/third_party/abseil-cpp/absl/types/internal/variant.h +1646 -0
  453. data/third_party/abseil-cpp/absl/types/variant.h +861 -0
  454. data/third_party/boringssl-with-bazel/err_data.c +266 -254
  455. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_bitstr.c +3 -3
  456. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_enum.c +3 -3
  457. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_int.c +1 -1
  458. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_object.c +3 -3
  459. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_time.c +2 -2
  460. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_type.c +1 -1
  461. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn1_lib.c +1 -1
  462. data/third_party/boringssl-with-bazel/src/crypto/asn1/asn_pack.c +1 -1
  463. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_enum.c +1 -1
  464. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_int.c +1 -1
  465. data/third_party/boringssl-with-bazel/src/crypto/asn1/f_string.c +1 -1
  466. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +1 -0
  467. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +12 -52
  468. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +0 -22
  469. data/third_party/boringssl-with-bazel/src/crypto/evp/evp_asn1.c +159 -0
  470. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/aes/mode_wrappers.c +17 -1
  471. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bn/internal.h +11 -1
  472. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +2 -1
  473. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +13 -11
  474. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-x86_64.c +24 -23
  475. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +20 -16
  476. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +2 -2
  477. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/util.c +3 -3
  478. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +62 -0
  479. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +456 -0
  480. data/third_party/boringssl-with-bazel/src/crypto/hpke/internal.h +192 -0
  481. data/third_party/boringssl-with-bazel/src/crypto/mem.c +29 -15
  482. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/internal.h +7 -0
  483. data/third_party/boringssl-with-bazel/src/crypto/pkcs8/pkcs8_x509.c +36 -5
  484. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +0 -29
  485. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +116 -363
  486. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +7 -45
  487. data/third_party/boringssl-with-bazel/src/crypto/x509/a_strex.c +4 -4
  488. data/third_party/boringssl-with-bazel/src/crypto/x509/algorithm.c +8 -0
  489. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +4 -4
  490. data/third_party/boringssl-with-bazel/src/crypto/x509/x509.c +0 -67
  491. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +13 -6
  492. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +10 -0
  493. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_set.c +41 -0
  494. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_trs.c +4 -1
  495. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_vfy.c +28 -9
  496. data/third_party/boringssl-with-bazel/src/crypto/x509/x509cset.c +25 -0
  497. data/third_party/boringssl-with-bazel/src/crypto/x509/x_crl.c +35 -13
  498. data/third_party/boringssl-with-bazel/src/crypto/x509/x_pubkey.c +0 -154
  499. data/third_party/boringssl-with-bazel/src/crypto/x509/x_sig.c +20 -0
  500. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +28 -6
  501. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +5 -0
  502. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_purp.c +74 -35
  503. data/third_party/boringssl-with-bazel/src/include/openssl/aes.h +16 -4
  504. data/third_party/boringssl-with-bazel/src/include/openssl/arm_arch.h +52 -0
  505. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +22 -22
  506. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +2 -2
  507. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +69 -0
  508. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +72 -23
  509. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +2 -3
  510. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +1 -10
  511. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +800 -715
  512. data/third_party/boringssl-with-bazel/src/ssl/handoff.cc +3 -3
  513. data/third_party/boringssl-with-bazel/src/ssl/handshake.cc +9 -2
  514. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +2 -2
  515. data/third_party/boringssl-with-bazel/src/ssl/handshake_server.cc +9 -0
  516. data/third_party/boringssl-with-bazel/src/ssl/internal.h +21 -14
  517. data/third_party/boringssl-with-bazel/src/ssl/ssl_asn1.cc +7 -7
  518. data/third_party/boringssl-with-bazel/src/ssl/ssl_cert.cc +3 -6
  519. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +38 -0
  520. data/third_party/boringssl-with-bazel/src/ssl/ssl_session.cc +4 -24
  521. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +5 -5
  522. data/third_party/boringssl-with-bazel/src/ssl/t1_enc.cc +45 -24
  523. data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +34 -9
  524. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +31 -21
  525. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +17 -9
  526. data/third_party/boringssl-with-bazel/src/ssl/tls_record.cc +5 -3
  527. data/third_party/re2/re2/bitmap256.h +117 -0
  528. data/third_party/re2/re2/bitstate.cc +385 -0
  529. data/third_party/re2/re2/compile.cc +1279 -0
  530. data/third_party/re2/re2/dfa.cc +2130 -0
  531. data/third_party/re2/re2/filtered_re2.cc +121 -0
  532. data/third_party/re2/re2/filtered_re2.h +109 -0
  533. data/third_party/re2/re2/mimics_pcre.cc +197 -0
  534. data/third_party/re2/re2/nfa.cc +713 -0
  535. data/third_party/re2/re2/onepass.cc +623 -0
  536. data/third_party/re2/re2/parse.cc +2464 -0
  537. data/third_party/re2/re2/perl_groups.cc +119 -0
  538. data/third_party/re2/re2/pod_array.h +55 -0
  539. data/third_party/re2/re2/prefilter.cc +710 -0
  540. data/third_party/re2/re2/prefilter.h +108 -0
  541. data/third_party/re2/re2/prefilter_tree.cc +407 -0
  542. data/third_party/re2/re2/prefilter_tree.h +139 -0
  543. data/third_party/re2/re2/prog.cc +988 -0
  544. data/third_party/re2/re2/prog.h +436 -0
  545. data/third_party/re2/re2/re2.cc +1362 -0
  546. data/third_party/re2/re2/re2.h +1002 -0
  547. data/third_party/re2/re2/regexp.cc +980 -0
  548. data/third_party/re2/re2/regexp.h +659 -0
  549. data/third_party/re2/re2/set.cc +154 -0
  550. data/third_party/re2/re2/set.h +80 -0
  551. data/third_party/re2/re2/simplify.cc +657 -0
  552. data/third_party/re2/re2/sparse_array.h +392 -0
  553. data/third_party/re2/re2/sparse_set.h +264 -0
  554. data/third_party/re2/re2/stringpiece.cc +65 -0
  555. data/third_party/re2/re2/stringpiece.h +210 -0
  556. data/third_party/re2/re2/tostring.cc +351 -0
  557. data/third_party/re2/re2/unicode_casefold.cc +582 -0
  558. data/third_party/re2/re2/unicode_casefold.h +78 -0
  559. data/third_party/re2/re2/unicode_groups.cc +6269 -0
  560. data/third_party/re2/re2/unicode_groups.h +67 -0
  561. data/third_party/re2/re2/walker-inl.h +246 -0
  562. data/third_party/re2/util/benchmark.h +156 -0
  563. data/third_party/re2/util/flags.h +26 -0
  564. data/third_party/re2/util/logging.h +109 -0
  565. data/third_party/re2/util/malloc_counter.h +19 -0
  566. data/third_party/re2/util/mix.h +41 -0
  567. data/third_party/re2/util/mutex.h +148 -0
  568. data/third_party/re2/util/pcre.cc +1025 -0
  569. data/third_party/re2/util/pcre.h +681 -0
  570. data/third_party/re2/util/rune.cc +260 -0
  571. data/third_party/re2/util/strutil.cc +149 -0
  572. data/third_party/re2/util/strutil.h +21 -0
  573. data/third_party/re2/util/test.h +50 -0
  574. data/third_party/re2/util/utf.h +44 -0
  575. data/third_party/re2/util/util.h +42 -0
  576. data/third_party/upb/upb/decode.c +517 -505
  577. data/third_party/upb/upb/encode.c +165 -123
  578. data/third_party/upb/upb/msg.c +130 -64
  579. data/third_party/upb/upb/msg.h +418 -14
  580. data/third_party/upb/upb/port_def.inc +35 -6
  581. data/third_party/upb/upb/port_undef.inc +8 -1
  582. data/third_party/upb/upb/table.c +53 -86
  583. data/third_party/upb/upb/table.int.h +11 -52
  584. data/third_party/upb/upb/upb.c +151 -125
  585. data/third_party/upb/upb/upb.h +91 -147
  586. data/third_party/upb/upb/upb.hpp +88 -0
  587. metadata +310 -148
  588. data/src/core/ext/filters/client_channel/xds/xds_api.cc +0 -1906
  589. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.c +0 -21
  590. data/src/core/ext/upb-generated/envoy/api/v2/auth/cert.upb.h +0 -35
  591. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.c +0 -114
  592. data/src/core/ext/upb-generated/envoy/api/v2/auth/common.upb.h +0 -418
  593. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.c +0 -72
  594. data/src/core/ext/upb-generated/envoy/api/v2/auth/secret.upb.h +0 -197
  595. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.c +0 -105
  596. data/src/core/ext/upb-generated/envoy/api/v2/auth/tls.upb.h +0 -378
  597. data/src/core/ext/upb-generated/envoy/api/v2/cds.upb.h +0 -53
  598. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.c +0 -403
  599. data/src/core/ext/upb-generated/envoy/api/v2/cluster.upb.h +0 -1447
  600. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.c +0 -74
  601. data/src/core/ext/upb-generated/envoy/api/v2/cluster/circuit_breaker.upb.h +0 -218
  602. data/src/core/ext/upb-generated/envoy/api/v2/cluster/filter.upb.h +0 -69
  603. data/src/core/ext/upb-generated/envoy/api/v2/cluster/outlier_detection.upb.h +0 -305
  604. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.c +0 -112
  605. data/src/core/ext/upb-generated/envoy/api/v2/core/address.upb.h +0 -328
  606. data/src/core/ext/upb-generated/envoy/api/v2/core/backoff.upb.h +0 -78
  607. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.c +0 -313
  608. data/src/core/ext/upb-generated/envoy/api/v2/core/base.upb.h +0 -897
  609. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.c +0 -96
  610. data/src/core/ext/upb-generated/envoy/api/v2/core/config_source.upb.h +0 -322
  611. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.c +0 -34
  612. data/src/core/ext/upb-generated/envoy/api/v2/core/event_service_config.upb.h +0 -72
  613. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.c +0 -197
  614. data/src/core/ext/upb-generated/envoy/api/v2/core/grpc_service.upb.h +0 -642
  615. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.c +0 -172
  616. data/src/core/ext/upb-generated/envoy/api/v2/core/health_check.upb.h +0 -673
  617. data/src/core/ext/upb-generated/envoy/api/v2/core/http_uri.upb.h +0 -80
  618. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.c +0 -152
  619. data/src/core/ext/upb-generated/envoy/api/v2/core/protocol.upb.h +0 -518
  620. data/src/core/ext/upb-generated/envoy/api/v2/core/socket_option.upb.h +0 -89
  621. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.c +0 -129
  622. data/src/core/ext/upb-generated/envoy/api/v2/discovery.upb.h +0 -392
  623. data/src/core/ext/upb-generated/envoy/api/v2/eds.upb.h +0 -53
  624. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.c +0 -92
  625. data/src/core/ext/upb-generated/envoy/api/v2/endpoint.upb.h +0 -240
  626. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.c +0 -18
  627. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint.upb.h +0 -33
  628. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.c +0 -91
  629. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/endpoint_components.upb.h +0 -266
  630. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.c +0 -112
  631. data/src/core/ext/upb-generated/envoy/api/v2/endpoint/load_report.upb.h +0 -324
  632. data/src/core/ext/upb-generated/envoy/api/v2/lds.upb.h +0 -53
  633. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.c +0 -109
  634. data/src/core/ext/upb-generated/envoy/api/v2/listener.upb.h +0 -399
  635. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.c +0 -18
  636. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener.upb.h +0 -33
  637. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.c +0 -145
  638. data/src/core/ext/upb-generated/envoy/api/v2/listener/listener_components.upb.h +0 -527
  639. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.c +0 -43
  640. data/src/core/ext/upb-generated/envoy/api/v2/listener/udp_listener_config.upb.h +0 -112
  641. data/src/core/ext/upb-generated/envoy/api/v2/rds.upb.h +0 -53
  642. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.c +0 -63
  643. data/src/core/ext/upb-generated/envoy/api/v2/route.upb.h +0 -199
  644. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.c +0 -18
  645. data/src/core/ext/upb-generated/envoy/api/v2/route/route.upb.h +0 -33
  646. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.c +0 -815
  647. data/src/core/ext/upb-generated/envoy/api/v2/route/route_components.upb.h +0 -3032
  648. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.c +0 -59
  649. data/src/core/ext/upb-generated/envoy/api/v2/scoped_route.upb.h +0 -134
  650. data/src/core/ext/upb-generated/envoy/api/v2/srds.upb.h +0 -53
  651. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.c +0 -228
  652. data/src/core/ext/upb-generated/envoy/config/filter/accesslog/v2/accesslog.upb.h +0 -725
  653. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.c +0 -316
  654. data/src/core/ext/upb-generated/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.upb.h +0 -1132
  655. data/src/core/ext/upb-generated/envoy/config/listener/v2/api_listener.upb.h +0 -65
  656. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.c +0 -51
  657. data/src/core/ext/upb-generated/envoy/config/trace/v2/http_tracer.upb.h +0 -125
  658. data/src/core/ext/upb-generated/envoy/service/discovery/v2/ads.upb.h +0 -50
  659. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.c +0 -54
  660. data/src/core/ext/upb-generated/envoy/service/load_stats/v2/lrs.upb.h +0 -134
  661. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.c +0 -63
  662. data/src/core/ext/upb-generated/envoy/type/matcher/regex.upb.h +0 -144
  663. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.c +0 -53
  664. data/src/core/ext/upb-generated/envoy/type/matcher/string.upb.h +0 -133
  665. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.c +0 -88
  666. data/src/core/ext/upb-generated/envoy/type/metadata/v2/metadata.upb.h +0 -258
  667. data/src/core/ext/upb-generated/envoy/type/percent.upb.h +0 -87
  668. data/src/core/ext/upb-generated/envoy/type/range.upb.h +0 -112
  669. data/src/core/ext/upb-generated/envoy/type/semantic_version.upb.h +0 -62
  670. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.c +0 -89
  671. data/src/core/ext/upb-generated/envoy/type/tracing/v2/custom_tag.upb.h +0 -249
  672. data/src/core/lib/security/transport/target_authority_table.cc +0 -75
  673. data/src/core/lib/security/transport/target_authority_table.h +0 -40
  674. data/src/core/lib/slice/slice_hash_table.h +0 -199
  675. data/src/core/lib/slice/slice_weak_hash_table.h +0 -102
  676. data/third_party/upb/upb/generated_util.h +0 -105
@@ -28,6 +28,8 @@
28
28
  #include <sys/types.h>
29
29
  #include <sys/un.h>
30
30
 
31
+ #include "absl/strings/str_cat.h"
32
+
31
33
  #include "src/core/lib/iomgr/unix_sockets_posix.h"
32
34
 
33
35
  #include <grpc/support/alloc.h>
@@ -44,14 +46,10 @@ grpc_error* grpc_resolve_unix_domain_address(const char* name,
44
46
  struct sockaddr_un* un;
45
47
  if (strlen(name) >
46
48
  GPR_ARRAY_SIZE(((struct sockaddr_un*)nullptr)->sun_path) - 1) {
47
- char* err_msg;
48
- grpc_error* err;
49
- gpr_asprintf(&err_msg,
50
- "Path name should not have more than %" PRIuPTR " characters.",
51
- GPR_ARRAY_SIZE(un->sun_path) - 1);
52
- err = GRPC_ERROR_CREATE_FROM_COPIED_STRING(err_msg);
53
- gpr_free(err_msg);
54
- return err;
49
+ return GRPC_ERROR_CREATE_FROM_COPIED_STRING(
50
+ absl::StrCat("Path name should not have more than ",
51
+ GPR_ARRAY_SIZE(un->sun_path) - 1, " characters")
52
+ .c_str());
55
53
  }
56
54
  *addrs = static_cast<grpc_resolved_addresses*>(
57
55
  gpr_malloc(sizeof(grpc_resolved_addresses)));
@@ -88,17 +86,14 @@ void grpc_unlink_if_unix_domain_socket(
88
86
  }
89
87
  }
90
88
 
91
- char* grpc_sockaddr_to_uri_unix_if_possible(
89
+ std::string grpc_sockaddr_to_uri_unix_if_possible(
92
90
  const grpc_resolved_address* resolved_addr) {
93
91
  const grpc_sockaddr* addr =
94
92
  reinterpret_cast<const grpc_sockaddr*>(resolved_addr->addr);
95
93
  if (addr->sa_family != AF_UNIX) {
96
- return nullptr;
94
+ return "";
97
95
  }
98
-
99
- char* result;
100
- gpr_asprintf(&result, "unix:%s", ((struct sockaddr_un*)addr)->sun_path);
101
- return result;
96
+ return absl::StrCat("unix:", ((struct sockaddr_un*)addr)->sun_path);
102
97
  }
103
98
 
104
99
  #endif
@@ -21,6 +21,8 @@
21
21
 
22
22
  #include <grpc/support/port_platform.h>
23
23
 
24
+ #include <string>
25
+
24
26
  #include "src/core/lib/iomgr/port.h"
25
27
 
26
28
  #include <grpc/support/string_util.h>
@@ -37,7 +39,7 @@ int grpc_is_unix_socket(const grpc_resolved_address* resolved_addr);
37
39
  void grpc_unlink_if_unix_domain_socket(
38
40
  const grpc_resolved_address* resolved_addr);
39
41
 
40
- char* grpc_sockaddr_to_uri_unix_if_possible(
42
+ std::string grpc_sockaddr_to_uri_unix_if_possible(
41
43
  const grpc_resolved_address* resolved_addr);
42
44
 
43
45
  #endif /* GRPC_CORE_LIB_IOMGR_UNIX_SOCKETS_POSIX_H */
@@ -22,6 +22,8 @@
22
22
 
23
23
  #ifndef GRPC_HAVE_UNIX_SOCKET
24
24
 
25
+ #include <string>
26
+
25
27
  #include <grpc/support/log.h>
26
28
 
27
29
  void grpc_create_socketpair_if_unix(int sv[2]) {
@@ -42,8 +44,9 @@ int grpc_is_unix_socket(const grpc_resolved_address* addr) { return false; }
42
44
 
43
45
  void grpc_unlink_if_unix_domain_socket(const grpc_resolved_address* addr) {}
44
46
 
45
- char* grpc_sockaddr_to_uri_unix_if_possible(const grpc_resolved_address* addr) {
46
- return NULL;
47
+ std::string grpc_sockaddr_to_uri_unix_if_possible(
48
+ const grpc_resolved_address* addr) {
49
+ return "";
47
50
  }
48
51
 
49
52
  #endif
@@ -20,8 +20,12 @@
20
20
 
21
21
  #include <string.h>
22
22
 
23
+ #include <string>
24
+
25
+ #include "absl/strings/str_cat.h"
26
+ #include "absl/strings/str_format.h"
27
+
23
28
  #include <grpc/support/log.h>
24
- #include <grpc/support/string_util.h>
25
29
 
26
30
  #include "src/core/lib/json/json.h"
27
31
 
@@ -176,11 +180,10 @@ Json* JsonReader::CreateAndLinkValue() {
176
180
  if (errors_.size() == GRPC_JSON_MAX_ERRORS) {
177
181
  truncated_errors_ = true;
178
182
  } else {
179
- char* msg;
180
- gpr_asprintf(&msg, "duplicate key \"%s\" at index %" PRIuPTR,
181
- key_.c_str(), CurrentIndex());
182
- errors_.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg));
183
- gpr_free(msg);
183
+ errors_.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
184
+ absl::StrFormat("duplicate key \"%s\" at index %" PRIuPTR, key_,
185
+ CurrentIndex())
186
+ .c_str()));
184
187
  }
185
188
  }
186
189
  value = &(*parent->mutable_object())[std::move(key_)];
@@ -198,11 +201,10 @@ bool JsonReader::StartContainer(Json::Type type) {
198
201
  if (errors_.size() == GRPC_JSON_MAX_ERRORS) {
199
202
  truncated_errors_ = true;
200
203
  } else {
201
- char* msg;
202
- gpr_asprintf(&msg, "exceeded max stack depth (%d) at index %" PRIuPTR,
203
- GRPC_JSON_MAX_DEPTH, CurrentIndex());
204
- errors_.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg));
205
- gpr_free(msg);
204
+ errors_.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
205
+ absl::StrFormat("exceeded max stack depth (%d) at index %" PRIuPTR,
206
+ GRPC_JSON_MAX_DEPTH, CurrentIndex())
207
+ .c_str()));
206
208
  }
207
209
  return false;
208
210
  }
@@ -824,17 +826,14 @@ grpc_error* JsonReader::Parse(absl::string_view input, Json* output) {
824
826
  "errors and try again to see additional errors"));
825
827
  }
826
828
  if (status == Status::GRPC_JSON_INTERNAL_ERROR) {
827
- char* msg;
828
- gpr_asprintf(&msg, "internal error in JSON parser at index %" PRIuPTR,
829
- reader.CurrentIndex());
830
- reader.errors_.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg));
831
- gpr_free(msg);
829
+ reader.errors_.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
830
+ absl::StrCat("internal error in JSON parser at index ",
831
+ reader.CurrentIndex())
832
+ .c_str()));
832
833
  } else if (status == Status::GRPC_JSON_PARSE_ERROR) {
833
- char* msg;
834
- gpr_asprintf(&msg, "JSON parse error at index %" PRIuPTR,
835
- reader.CurrentIndex());
836
- reader.errors_.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg));
837
- gpr_free(msg);
834
+ reader.errors_.push_back(GRPC_ERROR_CREATE_FROM_COPIED_STRING(
835
+ absl::StrCat("JSON parse error at index ", reader.CurrentIndex())
836
+ .c_str()));
838
837
  }
839
838
  if (!reader.errors_.empty()) {
840
839
  return GRPC_ERROR_CREATE_FROM_VECTOR("JSON parsing failed",
@@ -0,0 +1,177 @@
1
+ // Copyright 2020 gRPC authors.
2
+ //
3
+ // Licensed under the Apache License, Version 2.0 (the "License");
4
+ // you may not use this file except in compliance with the License.
5
+ // You may obtain a copy of the License at
6
+ //
7
+ // http://www.apache.org/licenses/LICENSE-2.0
8
+ //
9
+ // Unless required by applicable law or agreed to in writing, software
10
+ // distributed under the License is distributed on an "AS IS" BASIS,
11
+ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ // See the License for the specific language governing permissions and
13
+ // limitations under the License.
14
+
15
+ #include <grpc/support/port_platform.h>
16
+
17
+ #include "absl/memory/memory.h"
18
+
19
+ #include "src/core/lib/security/authorization/authorization_engine.h"
20
+
21
+ namespace grpc_core {
22
+
23
+ namespace {
24
+
25
+ // Symbols for traversing Envoy Attributes
26
+ constexpr char kUrlPath[] = "url_path";
27
+ constexpr char kHost[] = "host";
28
+ constexpr char kMethod[] = "method";
29
+ constexpr char kHeaders[] = "headers";
30
+ constexpr char kSourceAddress[] = "source_address";
31
+ constexpr char kSourcePort[] = "source_port";
32
+ constexpr char kDestinationAddress[] = "destination_address";
33
+ constexpr char kDestinationPort[] = "destination_port";
34
+ constexpr char kSpiffeId[] = "spiffe_id";
35
+ constexpr char kCertServerName[] = "cert_server_name";
36
+
37
+ } // namespace
38
+
39
+ std::unique_ptr<AuthorizationEngine>
40
+ AuthorizationEngine::CreateAuthorizationEngine(
41
+ const std::vector<envoy_config_rbac_v3_RBAC*>& rbac_policies) {
42
+ if (rbac_policies.empty() || rbac_policies.size() > 2) {
43
+ gpr_log(GPR_ERROR,
44
+ "Invalid rbac policies vector. Must contain either one or two rbac "
45
+ "policies.");
46
+ return nullptr;
47
+ } else if (rbac_policies.size() == 2 &&
48
+ (envoy_config_rbac_v3_RBAC_action(rbac_policies[0]) != kDeny ||
49
+ envoy_config_rbac_v3_RBAC_action(rbac_policies[1]) != kAllow)) {
50
+ gpr_log(GPR_ERROR,
51
+ "Invalid rbac policies vector. Must contain one deny \
52
+ policy and one allow policy, in that order.");
53
+ return nullptr;
54
+ } else {
55
+ return absl::make_unique<AuthorizationEngine>(rbac_policies);
56
+ }
57
+ }
58
+
59
+ AuthorizationEngine::AuthorizationEngine(
60
+ const std::vector<envoy_config_rbac_v3_RBAC*>& rbac_policies) {
61
+ for (const auto& rbac_policy : rbac_policies) {
62
+ // Extract array of policies and store their condition fields in either
63
+ // allow_if_matched_ or deny_if_matched_, depending on the policy action.
64
+ upb::Arena temp_arena;
65
+ size_t policy_num = UPB_MAP_BEGIN;
66
+ const envoy_config_rbac_v3_RBAC_PoliciesEntry* policy_entry;
67
+ while ((policy_entry = envoy_config_rbac_v3_RBAC_policies_next(
68
+ rbac_policy, &policy_num)) != nullptr) {
69
+ const upb_strview policy_name_strview =
70
+ envoy_config_rbac_v3_RBAC_PoliciesEntry_key(policy_entry);
71
+ const std::string policy_name(policy_name_strview.data,
72
+ policy_name_strview.size);
73
+ const envoy_config_rbac_v3_Policy* policy =
74
+ envoy_config_rbac_v3_RBAC_PoliciesEntry_value(policy_entry);
75
+ const google_api_expr_v1alpha1_Expr* condition =
76
+ envoy_config_rbac_v3_Policy_condition(policy);
77
+ // Parse condition to make a pointer tied to the lifetime of arena_.
78
+ size_t serial_len;
79
+ const char* serialized = google_api_expr_v1alpha1_Expr_serialize(
80
+ condition, temp_arena.ptr(), &serial_len);
81
+ const google_api_expr_v1alpha1_Expr* parsed_condition =
82
+ google_api_expr_v1alpha1_Expr_parse(serialized, serial_len,
83
+ arena_.ptr());
84
+ if (envoy_config_rbac_v3_RBAC_action(rbac_policy) == kAllow) {
85
+ allow_if_matched_.insert(std::make_pair(policy_name, parsed_condition));
86
+ } else {
87
+ deny_if_matched_.insert(std::make_pair(policy_name, parsed_condition));
88
+ }
89
+ }
90
+ }
91
+ }
92
+
93
+ std::unique_ptr<mock_cel::Activation> AuthorizationEngine::CreateActivation(
94
+ const EvaluateArgs& args) {
95
+ std::unique_ptr<mock_cel::Activation> activation;
96
+ for (const auto& elem : envoy_attributes_) {
97
+ if (elem == kUrlPath) {
98
+ absl::string_view url_path(args.GetPath());
99
+ if (!url_path.empty()) {
100
+ activation->InsertValue(kUrlPath,
101
+ mock_cel::CelValue::CreateStringView(url_path));
102
+ }
103
+ } else if (elem == kHost) {
104
+ absl::string_view host(args.GetHost());
105
+ if (!host.empty()) {
106
+ activation->InsertValue(kHost,
107
+ mock_cel::CelValue::CreateStringView(host));
108
+ }
109
+ } else if (elem == kMethod) {
110
+ absl::string_view method(args.GetMethod());
111
+ if (!method.empty()) {
112
+ activation->InsertValue(kMethod,
113
+ mock_cel::CelValue::CreateStringView(method));
114
+ }
115
+ } else if (elem == kHeaders) {
116
+ std::multimap<absl::string_view, absl::string_view> headers =
117
+ args.GetHeaders();
118
+ std::vector<std::pair<mock_cel::CelValue, mock_cel::CelValue>>
119
+ header_items;
120
+ for (const auto& header_key : header_keys_) {
121
+ auto header_item = headers.find(header_key);
122
+ if (header_item != headers.end()) {
123
+ header_items.push_back(
124
+ std::pair<mock_cel::CelValue, mock_cel::CelValue>(
125
+ mock_cel::CelValue::CreateStringView(header_key),
126
+ mock_cel::CelValue::CreateStringView(header_item->second)));
127
+ }
128
+ }
129
+ headers_ = mock_cel::ContainerBackedMapImpl::Create(
130
+ absl::Span<std::pair<mock_cel::CelValue, mock_cel::CelValue>>(
131
+ header_items));
132
+ activation->InsertValue(kHeaders,
133
+ mock_cel::CelValue::CreateMap(headers_.get()));
134
+ } else if (elem == kSourceAddress) {
135
+ absl::string_view source_address(args.GetPeerAddress());
136
+ if (!source_address.empty()) {
137
+ activation->InsertValue(
138
+ kSourceAddress,
139
+ mock_cel::CelValue::CreateStringView(source_address));
140
+ }
141
+ } else if (elem == kSourcePort) {
142
+ activation->InsertValue(
143
+ kSourcePort, mock_cel::CelValue::CreateInt64(args.GetPeerPort()));
144
+ } else if (elem == kDestinationAddress) {
145
+ absl::string_view destination_address(args.GetLocalAddress());
146
+ if (!destination_address.empty()) {
147
+ activation->InsertValue(
148
+ kDestinationAddress,
149
+ mock_cel::CelValue::CreateStringView(destination_address));
150
+ }
151
+ } else if (elem == kDestinationPort) {
152
+ activation->InsertValue(kDestinationPort, mock_cel::CelValue::CreateInt64(
153
+ args.GetLocalPort()));
154
+ } else if (elem == kSpiffeId) {
155
+ absl::string_view spiffe_id(args.GetSpiffeId());
156
+ if (!spiffe_id.empty()) {
157
+ activation->InsertValue(
158
+ kSpiffeId, mock_cel::CelValue::CreateStringView(spiffe_id));
159
+ }
160
+ } else if (elem == kCertServerName) {
161
+ absl::string_view cert_server_name(args.GetCertServerName());
162
+ if (!cert_server_name.empty()) {
163
+ activation->InsertValue(
164
+ kCertServerName,
165
+ mock_cel::CelValue::CreateStringView(cert_server_name));
166
+ }
167
+ } else {
168
+ gpr_log(GPR_ERROR,
169
+ "Error: Authorization engine does not support evaluating "
170
+ "attribute %s.",
171
+ elem.c_str());
172
+ }
173
+ }
174
+ return activation;
175
+ }
176
+
177
+ } // namespace grpc_core
@@ -0,0 +1,84 @@
1
+
2
+ // Copyright 2020 gRPC authors.
3
+ //
4
+ // Licensed under the Apache License, Version 2.0 (the "License");
5
+ // you may not use this file except in compliance with the License.
6
+ // You may obtain a copy of the License at
7
+ //
8
+ // http://www.apache.org/licenses/LICENSE-2.0
9
+ //
10
+ // Unless required by applicable law or agreed to in writing, software
11
+ // distributed under the License is distributed on an "AS IS" BASIS,
12
+ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+ // See the License for the specific language governing permissions and
14
+ // limitations under the License.
15
+
16
+ #ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_AUTHORIZATION_ENGINE_H
17
+ #define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_AUTHORIZATION_ENGINE_H
18
+
19
+ #include <grpc/support/port_platform.h>
20
+
21
+ #include <grpc/support/log.h>
22
+ #include <map>
23
+ #include <memory>
24
+ #include <string>
25
+ #include <vector>
26
+
27
+ #include "absl/container/flat_hash_set.h"
28
+ #include "envoy/config/rbac/v3/rbac.upb.h"
29
+ #include "google/api/expr/v1alpha1/syntax.upb.h"
30
+ #include "upb/upb.hpp"
31
+
32
+ #include "src/core/lib/security/authorization/evaluate_args.h"
33
+ #include "src/core/lib/security/authorization/mock_cel/activation.h"
34
+
35
+ namespace grpc_core {
36
+
37
+ // AuthorizationEngine makes an AuthorizationDecision to ALLOW or DENY the
38
+ // current action based on the condition fields in provided RBAC policies.
39
+ // The engine may be constructed with one or two policies. If two polcies,
40
+ // the first policy is deny-if-matched and the second is allow-if-matched.
41
+ // The engine returns UNDECIDED decision if it fails to find a match in any
42
+ // policy. This engine ignores the principal and permission fields in RBAC
43
+ // policies. It is the caller's responsibility to provide RBAC policies that
44
+ // are compatible with this engine.
45
+ //
46
+ // Example:
47
+ // AuthorizationEngine*
48
+ // auth_engine = AuthorizationEngine::CreateAuthorizationEngine(rbac_policies);
49
+ // auth_engine->Evaluate(evaluate_args); // returns authorization decision.
50
+ class AuthorizationEngine {
51
+ public:
52
+ // rbac_policies must be a vector containing either a single policy of any
53
+ // kind, or one deny policy and one allow policy, in that order.
54
+ static std::unique_ptr<AuthorizationEngine> CreateAuthorizationEngine(
55
+ const std::vector<envoy_config_rbac_v3_RBAC*>& rbac_policies);
56
+
57
+ // Users should use the CreateAuthorizationEngine factory function
58
+ // instead of calling the AuthorizationEngine constructor directly.
59
+ explicit AuthorizationEngine(
60
+ const std::vector<envoy_config_rbac_v3_RBAC*>& rbac_policies);
61
+ // TODO(mywang@google.com): add an Evaluate member function.
62
+
63
+ private:
64
+ enum Action {
65
+ kAllow,
66
+ kDeny,
67
+ };
68
+
69
+ std::unique_ptr<mock_cel::Activation> CreateActivation(
70
+ const EvaluateArgs& args);
71
+
72
+ std::map<const std::string, const google_api_expr_v1alpha1_Expr*>
73
+ deny_if_matched_;
74
+ std::map<const std::string, const google_api_expr_v1alpha1_Expr*>
75
+ allow_if_matched_;
76
+ upb::Arena arena_;
77
+ absl::flat_hash_set<std::string> envoy_attributes_;
78
+ absl::flat_hash_set<std::string> header_keys_;
79
+ std::unique_ptr<mock_cel::CelMap> headers_;
80
+ };
81
+
82
+ } // namespace grpc_core
83
+
84
+ #endif /* GRPC_CORE_LIB_SECURITY_AUTHORIZATION_AUTHORIZATION_ENGINE_H */
@@ -0,0 +1,153 @@
1
+ //
2
+ //
3
+ // Copyright 2020 gRPC authors.
4
+ //
5
+ // Licensed under the Apache License, Version 2.0 (the "License");
6
+ // you may not use this file except in compliance with the License.
7
+ // You may obtain a copy of the License at
8
+ //
9
+ // http://www.apache.org/licenses/LICENSE-2.0
10
+ //
11
+ // Unless required by applicable law or agreed to in writing, software
12
+ // distributed under the License is distributed on an "AS IS" BASIS,
13
+ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ // See the License for the specific language governing permissions and
15
+ // limitations under the License.
16
+ //
17
+ //
18
+
19
+ #include <grpc/support/port_platform.h>
20
+
21
+ #include "src/core/lib/security/authorization/evaluate_args.h"
22
+
23
+ #include "src/core/lib/iomgr/parse_address.h"
24
+ #include "src/core/lib/iomgr/resolve_address.h"
25
+ #include "src/core/lib/iomgr/sockaddr_utils.h"
26
+ #include "src/core/lib/slice/slice_utils.h"
27
+
28
+ namespace grpc_core {
29
+
30
+ absl::string_view EvaluateArgs::GetPath() const {
31
+ absl::string_view path;
32
+ if (metadata_ != nullptr && metadata_->idx.named.path != nullptr) {
33
+ grpc_linked_mdelem* elem = metadata_->idx.named.path;
34
+ const grpc_slice& val = GRPC_MDVALUE(elem->md);
35
+ path = StringViewFromSlice(val);
36
+ }
37
+ return path;
38
+ }
39
+
40
+ absl::string_view EvaluateArgs::GetHost() const {
41
+ absl::string_view host;
42
+ if (metadata_ != nullptr && metadata_->idx.named.host != nullptr) {
43
+ grpc_linked_mdelem* elem = metadata_->idx.named.host;
44
+ const grpc_slice& val = GRPC_MDVALUE(elem->md);
45
+ host = StringViewFromSlice(val);
46
+ }
47
+ return host;
48
+ }
49
+
50
+ absl::string_view EvaluateArgs::GetMethod() const {
51
+ absl::string_view method;
52
+ if (metadata_ != nullptr && metadata_->idx.named.method != nullptr) {
53
+ grpc_linked_mdelem* elem = metadata_->idx.named.method;
54
+ const grpc_slice& val = GRPC_MDVALUE(elem->md);
55
+ method = StringViewFromSlice(val);
56
+ }
57
+ return method;
58
+ }
59
+
60
+ std::multimap<absl::string_view, absl::string_view> EvaluateArgs::GetHeaders()
61
+ const {
62
+ std::multimap<absl::string_view, absl::string_view> headers;
63
+ if (metadata_ == nullptr) {
64
+ return headers;
65
+ }
66
+ for (grpc_linked_mdelem* elem = metadata_->list.head; elem != nullptr;
67
+ elem = elem->next) {
68
+ const grpc_slice& key = GRPC_MDKEY(elem->md);
69
+ const grpc_slice& val = GRPC_MDVALUE(elem->md);
70
+ headers.emplace(StringViewFromSlice(key), StringViewFromSlice(val));
71
+ }
72
+ return headers;
73
+ }
74
+
75
+ absl::string_view EvaluateArgs::GetLocalAddress() const {
76
+ absl::string_view addr = grpc_endpoint_get_local_address(endpoint_);
77
+ size_t first_colon = addr.find(":");
78
+ size_t last_colon = addr.rfind(":");
79
+ if (first_colon == std::string::npos || last_colon == std::string::npos) {
80
+ return "";
81
+ } else {
82
+ return addr.substr(first_colon + 1, last_colon - first_colon - 1);
83
+ }
84
+ }
85
+
86
+ int EvaluateArgs::GetLocalPort() const {
87
+ if (endpoint_ == nullptr) {
88
+ return 0;
89
+ }
90
+ grpc_uri* uri = grpc_uri_parse(
91
+ std::string(grpc_endpoint_get_local_address(endpoint_)).c_str(), true);
92
+ grpc_resolved_address resolved_addr;
93
+ if (uri == nullptr || !grpc_parse_uri(uri, &resolved_addr)) {
94
+ grpc_uri_destroy(uri);
95
+ return 0;
96
+ }
97
+ grpc_uri_destroy(uri);
98
+ return grpc_sockaddr_get_port(&resolved_addr);
99
+ }
100
+
101
+ absl::string_view EvaluateArgs::GetPeerAddress() const {
102
+ absl::string_view addr = grpc_endpoint_get_peer(endpoint_);
103
+ size_t first_colon = addr.find(":");
104
+ size_t last_colon = addr.rfind(":");
105
+ if (first_colon == std::string::npos || last_colon == std::string::npos) {
106
+ return "";
107
+ } else {
108
+ return addr.substr(first_colon + 1, last_colon - first_colon - 1);
109
+ }
110
+ }
111
+
112
+ int EvaluateArgs::GetPeerPort() const {
113
+ if (endpoint_ == nullptr) {
114
+ return 0;
115
+ }
116
+ grpc_uri* uri = grpc_uri_parse(
117
+ std::string(grpc_endpoint_get_peer(endpoint_)).c_str(), true);
118
+ grpc_resolved_address resolved_addr;
119
+ if (uri == nullptr || !grpc_parse_uri(uri, &resolved_addr)) {
120
+ grpc_uri_destroy(uri);
121
+ return 0;
122
+ }
123
+ grpc_uri_destroy(uri);
124
+ return grpc_sockaddr_get_port(&resolved_addr);
125
+ }
126
+
127
+ absl::string_view EvaluateArgs::GetSpiffeId() const {
128
+ if (auth_context_ == nullptr) {
129
+ return "";
130
+ }
131
+ grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name(
132
+ auth_context_, GRPC_PEER_SPIFFE_ID_PROPERTY_NAME);
133
+ const grpc_auth_property* prop = grpc_auth_property_iterator_next(&it);
134
+ if (prop == nullptr || grpc_auth_property_iterator_next(&it) != nullptr) {
135
+ return "";
136
+ }
137
+ return absl::string_view(prop->value, prop->value_length);
138
+ }
139
+
140
+ absl::string_view EvaluateArgs::GetCertServerName() const {
141
+ if (auth_context_ == nullptr) {
142
+ return "";
143
+ }
144
+ grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name(
145
+ auth_context_, GRPC_X509_CN_PROPERTY_NAME);
146
+ const grpc_auth_property* prop = grpc_auth_property_iterator_next(&it);
147
+ if (prop == nullptr || grpc_auth_property_iterator_next(&it) != nullptr) {
148
+ return "";
149
+ }
150
+ return absl::string_view(prop->value, prop->value_length);
151
+ }
152
+
153
+ } // namespace grpc_core