RubyGems - grpc - Versions diffs - 1.36.0 → 1.37.0.pre1 - Mend

grpc 1.36.0 → 1.37.0.pre1

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (221) hide show

data/src/core/lib/security/authorization/authorization_engine.h DELETED Viewed

@@ -1,84 +0,0 @@
-// Copyright 2020 gRPC authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_AUTHORIZATION_ENGINE_H
-#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_AUTHORIZATION_ENGINE_H
-#include <grpc/support/port_platform.h>
-#include <grpc/support/log.h>
-#include <map>
-#include <memory>
-#include <string>
-#include <vector>
-#include "absl/container/flat_hash_set.h"
-#include "envoy/config/rbac/v3/rbac.upb.h"
-#include "google/api/expr/v1alpha1/syntax.upb.h"
-#include "upb/upb.hpp"
-#include "src/core/lib/security/authorization/evaluate_args.h"
-#include "src/core/lib/security/authorization/mock_cel/activation.h"
-namespace grpc_core {
-// AuthorizationEngine makes an AuthorizationDecision to ALLOW or DENY the
-// current action based on the condition fields in provided RBAC policies.
-// The engine may be constructed with one or two policies. If two polcies,
-// the first policy is deny-if-matched and the second is allow-if-matched.
-// The engine returns UNDECIDED decision if it fails to find a match in any
-// policy. This engine ignores the principal and permission fields in RBAC
-// policies. It is the caller's responsibility to provide RBAC policies that
-// are compatible with this engine.
-//
-// Example:
-// AuthorizationEngine*
-// auth_engine = AuthorizationEngine::CreateAuthorizationEngine(rbac_policies);
-// auth_engine->Evaluate(evaluate_args); // returns authorization decision.
-class AuthorizationEngine {
- public:
-  // rbac_policies must be a vector containing either a single policy of any
-  // kind, or one deny policy and one allow policy, in that order.
-  static std::unique_ptr<AuthorizationEngine> CreateAuthorizationEngine(
-      const std::vector<envoy_config_rbac_v3_RBAC*>& rbac_policies);
-  // Users should use the CreateAuthorizationEngine factory function
-  // instead of calling the AuthorizationEngine constructor directly.
-  explicit AuthorizationEngine(
-      const std::vector<envoy_config_rbac_v3_RBAC*>& rbac_policies);
-  // TODO(mywang@google.com): add an Evaluate member function.
- private:
-  enum Action {
-    kAllow,
-    kDeny,
-  };
-  std::unique_ptr<mock_cel::Activation> CreateActivation(
-      const EvaluateArgs& args);
-  std::map<const std::string, const google_api_expr_v1alpha1_Expr*>
-      deny_if_matched_;
-  std::map<const std::string, const google_api_expr_v1alpha1_Expr*>
-      allow_if_matched_;
-  upb::Arena arena_;
-  absl::flat_hash_set<std::string> envoy_attributes_;
-  absl::flat_hash_set<std::string> header_keys_;
-  std::unique_ptr<mock_cel::CelMap> headers_;
-};
-}  // namespace grpc_core
-#endif /* GRPC_CORE_LIB_SECURITY_AUTHORIZATION_AUTHORIZATION_ENGINE_H */

data/src/core/lib/security/authorization/evaluate_args.cc DELETED Viewed

@@ -1,148 +0,0 @@
-//
-//
-// Copyright 2020 gRPC authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-//
-#include <grpc/support/port_platform.h>
-#include "src/core/lib/security/authorization/evaluate_args.h"
-#include "src/core/lib/iomgr/parse_address.h"
-#include "src/core/lib/iomgr/resolve_address.h"
-#include "src/core/lib/iomgr/sockaddr_utils.h"
-#include "src/core/lib/slice/slice_utils.h"
-namespace grpc_core {
-absl::string_view EvaluateArgs::GetPath() const {
-  absl::string_view path;
-  if (metadata_ != nullptr && metadata_->idx.named.path != nullptr) {
-    grpc_linked_mdelem* elem = metadata_->idx.named.path;
-    const grpc_slice& val = GRPC_MDVALUE(elem->md);
-    path = StringViewFromSlice(val);
-  }
-  return path;
-}
-absl::string_view EvaluateArgs::GetHost() const {
-  absl::string_view host;
-  if (metadata_ != nullptr && metadata_->idx.named.host != nullptr) {
-    grpc_linked_mdelem* elem = metadata_->idx.named.host;
-    const grpc_slice& val = GRPC_MDVALUE(elem->md);
-    host = StringViewFromSlice(val);
-  }
-  return host;
-}
-absl::string_view EvaluateArgs::GetMethod() const {
-  absl::string_view method;
-  if (metadata_ != nullptr && metadata_->idx.named.method != nullptr) {
-    grpc_linked_mdelem* elem = metadata_->idx.named.method;
-    const grpc_slice& val = GRPC_MDVALUE(elem->md);
-    method = StringViewFromSlice(val);
-  }
-  return method;
-}
-std::multimap<absl::string_view, absl::string_view> EvaluateArgs::GetHeaders()
-    const {
-  std::multimap<absl::string_view, absl::string_view> headers;
-  if (metadata_ == nullptr) {
-    return headers;
-  }
-  for (grpc_linked_mdelem* elem = metadata_->list.head; elem != nullptr;
-       elem = elem->next) {
-    const grpc_slice& key = GRPC_MDKEY(elem->md);
-    const grpc_slice& val = GRPC_MDVALUE(elem->md);
-    headers.emplace(StringViewFromSlice(key), StringViewFromSlice(val));
-  }
-  return headers;
-}
-absl::string_view EvaluateArgs::GetLocalAddress() const {
-  absl::string_view addr = grpc_endpoint_get_local_address(endpoint_);
-  size_t first_colon = addr.find(":");
-  size_t last_colon = addr.rfind(":");
-  if (first_colon == std::string::npos || last_colon == std::string::npos) {
-    return "";
-  } else {
-    return addr.substr(first_colon + 1, last_colon - first_colon - 1);
-  }
-}
-int EvaluateArgs::GetLocalPort() const {
-  if (endpoint_ == nullptr) {
-    return 0;
-  }
-  absl::StatusOr<URI> uri =
-      URI::Parse(grpc_endpoint_get_local_address(endpoint_));
-  grpc_resolved_address resolved_addr;
-  if (!uri.ok() || !grpc_parse_uri(*uri, &resolved_addr)) {
-    return 0;
-  }
-  return grpc_sockaddr_get_port(&resolved_addr);
-}
-absl::string_view EvaluateArgs::GetPeerAddress() const {
-  absl::string_view addr = grpc_endpoint_get_peer(endpoint_);
-  size_t first_colon = addr.find(":");
-  size_t last_colon = addr.rfind(":");
-  if (first_colon == std::string::npos || last_colon == std::string::npos) {
-    return "";
-  } else {
-    return addr.substr(first_colon + 1, last_colon - first_colon - 1);
-  }
-}
-int EvaluateArgs::GetPeerPort() const {
-  if (endpoint_ == nullptr) {
-    return 0;
-  }
-  absl::StatusOr<URI> uri = URI::Parse(grpc_endpoint_get_peer(endpoint_));
-  grpc_resolved_address resolved_addr;
-  if (!uri.ok() || !grpc_parse_uri(*uri, &resolved_addr)) {
-    return 0;
-  }
-  return grpc_sockaddr_get_port(&resolved_addr);
-}
-absl::string_view EvaluateArgs::GetSpiffeId() const {
-  if (auth_context_ == nullptr) {
-    return "";
-  }
-  grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name(
-      auth_context_, GRPC_PEER_SPIFFE_ID_PROPERTY_NAME);
-  const grpc_auth_property* prop = grpc_auth_property_iterator_next(&it);
-  if (prop == nullptr || grpc_auth_property_iterator_next(&it) != nullptr) {
-    return "";
-  }
-  return absl::string_view(prop->value, prop->value_length);
-}
-absl::string_view EvaluateArgs::GetCertServerName() const {
-  if (auth_context_ == nullptr) {
-    return "";
-  }
-  grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name(
-      auth_context_, GRPC_X509_CN_PROPERTY_NAME);
-  const grpc_auth_property* prop = grpc_auth_property_iterator_next(&it);
-  if (prop == nullptr || grpc_auth_property_iterator_next(&it) != nullptr) {
-    return "";
-  }
-  return absl::string_view(prop->value, prop->value_length);
-}
-}  // namespace grpc_core

data/src/core/lib/security/authorization/evaluate_args.h DELETED Viewed

@@ -1,59 +0,0 @@
-//
-//
-// Copyright 2020 gRPC authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-//
-#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_EVALUATE_ARGS_H
-#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_EVALUATE_ARGS_H
-#include <grpc/support/port_platform.h>
-#include <map>
-#include "src/core/lib/iomgr/endpoint.h"
-#include "src/core/lib/security/context/security_context.h"
-#include "src/core/lib/transport/metadata_batch.h"
-namespace grpc_core {
-class EvaluateArgs {
- public:
-  EvaluateArgs(grpc_metadata_batch* metadata, grpc_auth_context* auth_context,
-               grpc_endpoint* endpoint)
-      : metadata_(metadata), auth_context_(auth_context), endpoint_(endpoint) {}
-  absl::string_view GetPath() const;
-  absl::string_view GetHost() const;
-  absl::string_view GetMethod() const;
-  std::multimap<absl::string_view, absl::string_view> GetHeaders() const;
-  absl::string_view GetLocalAddress() const;
-  int GetLocalPort() const;
-  absl::string_view GetPeerAddress() const;
-  int GetPeerPort() const;
-  absl::string_view GetSpiffeId() const;
-  absl::string_view GetCertServerName() const;
-  // TODO(unknown): Add a getter function for source.principal
- private:
-  grpc_metadata_batch* metadata_;
-  grpc_auth_context* auth_context_;
-  grpc_endpoint* endpoint_;
-};
-}  // namespace grpc_core
-#endif  // GRPC_CORE_LIB_SECURITY_AUTHORIZATION_EVALUATE_ARGS_H

data/src/core/lib/security/authorization/mock_cel/activation.h DELETED Viewed

@@ -1,57 +0,0 @@
-// Copyright 2020 gRPC authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_ACTIVATION_H
-#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_ACTIVATION_H
-#include <grpc/support/port_platform.h>
-#include "absl/strings/string_view.h"
-#include "src/core/lib/security/authorization/mock_cel/cel_value.h"
-namespace grpc_core {
-namespace mock_cel {
-// Base class for an activation. This is a temporary stub implementation of CEL
-// APIs. Once gRPC imports the CEL library, this class will be removed.
-class BaseActivation {
- public:
-  BaseActivation() = default;
-  // Non-copyable/non-assignable
-  BaseActivation(const BaseActivation&) = delete;
-  BaseActivation& operator=(const BaseActivation&) = delete;
-};
-// Instance of Activation class is used by evaluator.
-// It provides binding between references used in expressions
-// and actual values. This is a temporary stub implementation of CEL APIs.
-// Once gRPC imports the CEL library, this class will be removed.
-class Activation : public BaseActivation {
- public:
-  Activation() = default;
-  // Non-copyable/non-assignable
-  Activation(const Activation&) = delete;
-  Activation& operator=(const Activation&) = delete;
-  // Insert value into Activation.
-  void InsertValue(absl::string_view /*name*/, const CelValue& /*value*/) {}
-};
-}  // namespace mock_cel
-}  // namespace grpc_core
-#endif  // GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_ACTIVATION_H

data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h DELETED Viewed

@@ -1,44 +0,0 @@
-// Copyright 2020 gRPC authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_CEL_EXPR_BUILDER_FACTORY_H
-#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_CEL_EXPR_BUILDER_FACTORY_H
-#include <grpc/support/port_platform.h>
-#include <memory>
-#include "absl/memory/memory.h"
-#include "src/core/lib/security/authorization/mock_cel/flat_expr_builder.h"
-namespace grpc_core {
-namespace mock_cel {
-// This is a temporary stub implementation of CEL APIs.
-// Once gRPC imports the CEL library, this file will be removed.
-struct InterpreterOptions {
-  bool short_circuiting = true;
-};
-inline std::unique_ptr<CelExpressionBuilder> CreateCelExpressionBuilder(
-    const InterpreterOptions& options) {
-  return absl::make_unique<FlatExprBuilder>();
-}
-}  // namespace mock_cel
-}  // namespace grpc_core
-#endif  // GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_CEL_EXPR_BUILDER_FACTORY_H

data/src/core/lib/security/authorization/mock_cel/cel_expression.h DELETED Viewed

@@ -1,69 +0,0 @@
-// Copyright 2020 gRPC authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_CEL_EXPRESSION_H
-#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_CEL_EXPRESSION_H
-#include <grpc/support/port_platform.h>
-#include <memory>
-#include <vector>
-#include "absl/status/statusor.h"
-#include "google/api/expr/v1alpha1/syntax.upb.h"
-#include "src/core/lib/security/authorization/mock_cel/activation.h"
-#include "src/core/lib/security/authorization/mock_cel/cel_value.h"
-namespace grpc_core {
-namespace mock_cel {
-// This is a temporary stub implementation of CEL APIs.
-// Once gRPC imports the CEL library, this file will be removed.
-// Base interface for expression evaluating objects.
-class CelExpression {
- public:
-  virtual ~CelExpression() = default;
-  // Evaluates expression and returns value.
-  // activation contains bindings from parameter names to values
-  virtual absl::StatusOr<CelValue> Evaluate(
-      const BaseActivation& activation) const = 0;
-};
-// Base class for Expression Builder implementations
-// Provides user with factory to register extension functions.
-// ExpressionBuilder MUST NOT be destroyed before CelExpression objects
-// it built.
-class CelExpressionBuilder {
- public:
-  virtual ~CelExpressionBuilder() = default;
-  // Creates CelExpression object from AST tree.
-  // expr specifies root of AST tree
-  virtual absl::StatusOr<std::unique_ptr<CelExpression>> CreateExpression(
-      const google_api_expr_v1alpha1_Expr* expr,
-      const google_api_expr_v1alpha1_SourceInfo* source_info) const = 0;
-  virtual absl::StatusOr<std::unique_ptr<CelExpression>> CreateExpression(
-      const google_api_expr_v1alpha1_Expr* expr,
-      const google_api_expr_v1alpha1_SourceInfo* source_info,
-      std::vector<absl::Status>* warnings) const = 0;
-};
-}  // namespace mock_cel
-}  // namespace grpc_core
-#endif  // GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_CEL_EXPRESSION_H