grpc 1.36.0 → 1.37.0.pre1
Sign up to get free protection for your applications and to get access to all the features.
Potentially problematic release.
This version of grpc might be problematic. Click here for more details.
- checksums.yaml +4 -4
- data/Makefile +65 -37
- data/include/grpc/grpc.h +15 -1
- data/include/grpc/impl/codegen/port_platform.h +2 -0
- data/src/core/ext/filters/client_channel/client_channel.cc +327 -305
- data/src/core/ext/filters/client_channel/client_channel_factory.h +2 -1
- data/src/core/ext/filters/client_channel/config_selector.h +8 -0
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +9 -4
- data/src/core/ext/filters/client_channel/global_subchannel_pool.cc +24 -142
- data/src/core/ext/filters/client_channel/global_subchannel_pool.h +15 -10
- data/src/core/ext/filters/client_channel/lb_policy.cc +3 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +23 -0
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +27 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +7 -22
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +2 -2
- data/src/core/ext/filters/client_channel/local_subchannel_pool.cc +27 -67
- data/src/core/ext/filters/client_channel/local_subchannel_pool.h +10 -9
- data/src/core/ext/filters/client_channel/resolver.cc +3 -0
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +2 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +3 -1
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +5 -9
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +18 -3
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +295 -91
- data/src/core/ext/filters/client_channel/server_address.cc +3 -0
- data/src/core/ext/filters/client_channel/subchannel.cc +69 -146
- data/src/core/ext/filters/client_channel/subchannel.h +63 -95
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.cc +16 -2
- data/src/core/ext/filters/client_channel/subchannel_pool_interface.h +10 -8
- data/src/core/ext/filters/client_idle/client_idle_filter.cc +1 -1
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +495 -0
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +39 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +189 -0
- data/src/core/ext/filters/fault_injection/service_config_parser.h +85 -0
- data/src/core/ext/filters/workarounds/workaround_cronet_compression_filter.cc +1 -1
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +1 -1
- data/src/core/ext/transport/chttp2/client/insecure/channel_create.cc +3 -2
- data/src/core/ext/transport/chttp2/client/insecure/channel_create_posix.cc +1 -1
- data/src/core/ext/transport/chttp2/client/secure/secure_channel_create.cc +3 -2
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +457 -170
- data/src/core/ext/transport/chttp2/server/insecure/server_chttp2_posix.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +39 -7
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.h +12 -1
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +5 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +1 -1
- data/src/core/ext/transport/chttp2/transport/internal.h +1 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.c +406 -0
- data/src/core/ext/upb-generated/envoy/admin/v3/config_dump.upb.h +1459 -0
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.c +350 -0
- data/src/core/ext/upb-generated/envoy/config/bootstrap/v3/bootstrap.upb.h +1348 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.c +6 -0
- data/src/core/ext/upb-generated/envoy/config/core/v3/protocol.upb.h +25 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.c +144 -0
- data/src/core/ext/upb-generated/envoy/config/metrics/v3/stats.upb.h +488 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.c +141 -0
- data/src/core/ext/upb-generated/envoy/config/overload/v3/overload.upb.h +452 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.c +15 -0
- data/src/core/ext/upb-generated/envoy/config/route/v3/route_components.upb.h +44 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.c +79 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/common/fault/v3/fault.upb.h +268 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.c +78 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/fault/v3/fault.upb.h +281 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.c +41 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/http/router/v3/router.upb.h +113 -0
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.c +6 -5
- data/src/core/ext/upb-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upb.h +13 -9
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.c +93 -0
- data/src/core/ext/upb-generated/envoy/service/status/v3/csds.upb.h +323 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.c +36 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/node.upb.h +90 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.c +46 -0
- data/src/core/ext/upb-generated/envoy/type/matcher/v3/struct.upb.h +124 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.c +33 -0
- data/src/core/ext/upb-generated/udpa/type/v1/typed_struct.upb.h +77 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.c +354 -0
- data/src/core/ext/upbdefs-generated/envoy/admin/v3/config_dump.upbdefs.h +140 -0
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.c +383 -0
- data/src/core/ext/upbdefs-generated/envoy/config/bootstrap/v3/bootstrap.upbdefs.h +115 -0
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.c +10 -7
- data/src/core/ext/upbdefs-generated/envoy/config/core/v3/protocol.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/metrics/v3/stats.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.c +141 -0
- data/src/core/ext/upbdefs-generated/envoy/config/overload/v3/overload.upbdefs.h +70 -0
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.c +13 -7
- data/src/core/ext/upbdefs-generated/envoy/config/route/v3/route_components.upbdefs.h +5 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.c +102 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/common/fault/v3/fault.upbdefs.h +55 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.c +120 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/fault/v3/fault.upbdefs.h +45 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.c +76 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/http/router/v3/router.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/extensions/filters/network/http_connection_manager/v3/http_connection_manager.upbdefs.c +21 -20
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.c +130 -0
- data/src/core/ext/upbdefs-generated/envoy/service/status/v3/csds.upbdefs.h +50 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.c +56 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/node.upbdefs.h +35 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.c +63 -0
- data/src/core/ext/upbdefs-generated/envoy/type/matcher/v3/struct.upbdefs.h +40 -0
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.c +44 -0
- data/src/core/ext/upbdefs-generated/udpa/type/v1/typed_struct.upbdefs.h +35 -0
- data/src/core/ext/xds/xds_api.cc +1591 -279
- data/src/core/ext/xds/xds_api.h +279 -39
- data/src/core/ext/xds/xds_bootstrap.cc +21 -5
- data/src/core/ext/xds/xds_bootstrap.h +5 -1
- data/src/core/ext/xds/xds_client.cc +168 -23
- data/src/core/ext/xds/xds_client.h +26 -0
- data/src/core/ext/xds/xds_client_stats.h +2 -2
- data/src/core/ext/xds/xds_http_fault_filter.cc +226 -0
- data/src/core/ext/xds/xds_http_fault_filter.h +63 -0
- data/src/core/ext/xds/xds_http_filters.cc +114 -0
- data/src/core/ext/xds/xds_http_filters.h +130 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +391 -126
- data/src/core/lib/channel/channel_stack.cc +12 -0
- data/src/core/lib/channel/channel_stack.h +7 -0
- data/src/core/lib/channel/channelz.cc +92 -4
- data/src/core/lib/channel/channelz.h +30 -1
- data/src/core/lib/channel/channelz_registry.cc +14 -0
- data/src/core/lib/channel/handshaker.cc +0 -39
- data/src/core/lib/channel/handshaker.h +0 -17
- data/src/core/lib/channel/status_util.cc +12 -2
- data/src/core/lib/channel/status_util.h +5 -0
- data/src/core/lib/gpr/sync_abseil.cc +3 -6
- data/src/core/lib/gpr/sync_windows.cc +2 -2
- data/src/core/lib/gprpp/atomic.h +3 -3
- data/src/core/lib/gprpp/dual_ref_counted.h +3 -3
- data/src/core/lib/gprpp/ref_counted_ptr.h +2 -0
- data/src/core/lib/gprpp/thd.h +1 -1
- data/src/core/lib/iomgr/buffer_list.h +1 -1
- data/src/core/lib/iomgr/cfstream_handle.cc +2 -2
- data/src/core/lib/iomgr/error.h +1 -1
- data/src/core/lib/iomgr/ev_apple.cc +1 -1
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +3 -3
- data/src/core/lib/iomgr/ev_posix.cc +3 -3
- data/src/core/lib/iomgr/exec_ctx.cc +6 -2
- data/src/core/lib/iomgr/resource_quota.cc +1 -1
- data/src/core/lib/iomgr/sockaddr_utils.cc +120 -0
- data/src/core/lib/iomgr/sockaddr_utils.h +25 -0
- data/src/core/lib/iomgr/tcp_posix.cc +1 -4
- data/src/core/lib/iomgr/tcp_uv.cc +2 -2
- data/src/core/lib/iomgr/timer_generic.cc +2 -2
- data/src/core/lib/iomgr/timer_manager.cc +1 -1
- data/src/core/lib/iomgr/wakeup_fd_nospecial.cc +1 -1
- data/src/core/lib/{security/authorization → matchers}/matchers.cc +8 -8
- data/src/core/lib/{security/authorization → matchers}/matchers.h +14 -12
- data/src/core/lib/security/security_connector/ssl_utils.cc +6 -4
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +6 -0
- data/src/core/lib/security/transport/security_handshaker.cc +32 -2
- data/src/core/lib/slice/slice_intern.cc +6 -7
- data/src/core/lib/surface/channel.h +3 -3
- data/src/core/lib/surface/completion_queue.cc +1 -1
- data/src/core/lib/surface/lame_client.cc +38 -19
- data/src/core/lib/surface/lame_client.h +4 -3
- data/src/core/lib/surface/server.cc +40 -33
- data/src/core/lib/surface/server.h +74 -15
- data/src/core/lib/surface/version.cc +1 -1
- data/src/core/lib/transport/metadata_batch.cc +27 -0
- data/src/core/lib/transport/metadata_batch.h +14 -0
- data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -0
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +1 -4
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.h +1 -1
- data/src/core/tsi/alts/handshaker/transport_security_common_api.cc +1 -3
- data/src/core/tsi/fake_transport_security.cc +10 -1
- data/src/ruby/ext/grpc/extconf.rb +9 -1
- data/src/ruby/ext/grpc/rb_channel.c +10 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.c +11 -1
- data/src/ruby/ext/grpc/rb_channel_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_compression_options.c +1 -1
- data/src/ruby/ext/grpc/rb_enable_cpp.cc +1 -1
- data/src/ruby/ext/grpc/rb_grpc.c +4 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +2 -0
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +4 -1
- data/src/ruby/ext/grpc/rb_server.c +13 -1
- data/src/ruby/ext/grpc/rb_server_credentials.c +19 -3
- data/src/ruby/ext/grpc/rb_server_credentials.h +4 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.c +215 -0
- data/src/ruby/ext/grpc/rb_xds_channel_credentials.h +35 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.c +169 -0
- data/src/ruby/ext/grpc/rb_xds_server_credentials.h +35 -0
- data/src/ruby/lib/grpc/generic/client_stub.rb +4 -2
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/call_spec.rb +1 -1
- data/src/ruby/spec/channel_credentials_spec.rb +32 -0
- data/src/ruby/spec/channel_spec.rb +17 -6
- data/src/ruby/spec/client_auth_spec.rb +27 -1
- data/src/ruby/spec/errors_spec.rb +1 -1
- data/src/ruby/spec/generic/active_call_spec.rb +2 -2
- data/src/ruby/spec/generic/client_stub_spec.rb +4 -4
- data/src/ruby/spec/generic/rpc_server_spec.rb +1 -1
- data/src/ruby/spec/server_credentials_spec.rb +25 -0
- data/src/ruby/spec/server_spec.rb +22 -0
- data/third_party/boringssl-with-bazel/err_data.c +255 -255
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm-linux.c +11 -2
- data/third_party/boringssl-with-bazel/src/crypto/cpu-arm.c +3 -3
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/cipher/cipher.c +21 -13
- data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/rand.c +7 -5
- data/third_party/boringssl-with-bazel/src/crypto/x509/x509_cmp.c +0 -28
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_attrib.c +22 -17
- data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509.c +3 -1
- data/third_party/boringssl-with-bazel/src/include/openssl/cipher.h +4 -0
- data/third_party/boringssl-with-bazel/src/include/openssl/cpu.h +22 -32
- data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +25 -9
- data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +0 -1
- data/third_party/boringssl-with-bazel/src/ssl/t1_lib.cc +33 -19
- data/third_party/xxhash/xxhash.h +5443 -0
- metadata +93 -49
- data/src/core/lib/security/authorization/authorization_engine.cc +0 -177
- data/src/core/lib/security/authorization/authorization_engine.h +0 -84
- data/src/core/lib/security/authorization/evaluate_args.cc +0 -148
- data/src/core/lib/security/authorization/evaluate_args.h +0 -59
- data/src/core/lib/security/authorization/mock_cel/activation.h +0 -57
- data/src/core/lib/security/authorization/mock_cel/cel_expr_builder_factory.h +0 -44
- data/src/core/lib/security/authorization/mock_cel/cel_expression.h +0 -69
- data/src/core/lib/security/authorization/mock_cel/cel_value.h +0 -99
- data/src/core/lib/security/authorization/mock_cel/evaluator_core.h +0 -67
- data/src/core/lib/security/authorization/mock_cel/flat_expr_builder.h +0 -57
- data/third_party/abseil-cpp/absl/container/flat_hash_set.h +0 -504
- data/third_party/upb/upb/json_decode.c +0 -1443
- data/third_party/upb/upb/json_decode.h +0 -23
- data/third_party/upb/upb/json_encode.c +0 -713
- data/third_party/upb/upb/json_encode.h +0 -36
@@ -1,84 +0,0 @@
|
|
1
|
-
|
2
|
-
// Copyright 2020 gRPC authors.
|
3
|
-
//
|
4
|
-
// Licensed under the Apache License, Version 2.0 (the "License");
|
5
|
-
// you may not use this file except in compliance with the License.
|
6
|
-
// You may obtain a copy of the License at
|
7
|
-
//
|
8
|
-
// http://www.apache.org/licenses/LICENSE-2.0
|
9
|
-
//
|
10
|
-
// Unless required by applicable law or agreed to in writing, software
|
11
|
-
// distributed under the License is distributed on an "AS IS" BASIS,
|
12
|
-
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
13
|
-
// See the License for the specific language governing permissions and
|
14
|
-
// limitations under the License.
|
15
|
-
|
16
|
-
#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_AUTHORIZATION_ENGINE_H
|
17
|
-
#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_AUTHORIZATION_ENGINE_H
|
18
|
-
|
19
|
-
#include <grpc/support/port_platform.h>
|
20
|
-
|
21
|
-
#include <grpc/support/log.h>
|
22
|
-
#include <map>
|
23
|
-
#include <memory>
|
24
|
-
#include <string>
|
25
|
-
#include <vector>
|
26
|
-
|
27
|
-
#include "absl/container/flat_hash_set.h"
|
28
|
-
#include "envoy/config/rbac/v3/rbac.upb.h"
|
29
|
-
#include "google/api/expr/v1alpha1/syntax.upb.h"
|
30
|
-
#include "upb/upb.hpp"
|
31
|
-
|
32
|
-
#include "src/core/lib/security/authorization/evaluate_args.h"
|
33
|
-
#include "src/core/lib/security/authorization/mock_cel/activation.h"
|
34
|
-
|
35
|
-
namespace grpc_core {
|
36
|
-
|
37
|
-
// AuthorizationEngine makes an AuthorizationDecision to ALLOW or DENY the
|
38
|
-
// current action based on the condition fields in provided RBAC policies.
|
39
|
-
// The engine may be constructed with one or two policies. If two polcies,
|
40
|
-
// the first policy is deny-if-matched and the second is allow-if-matched.
|
41
|
-
// The engine returns UNDECIDED decision if it fails to find a match in any
|
42
|
-
// policy. This engine ignores the principal and permission fields in RBAC
|
43
|
-
// policies. It is the caller's responsibility to provide RBAC policies that
|
44
|
-
// are compatible with this engine.
|
45
|
-
//
|
46
|
-
// Example:
|
47
|
-
// AuthorizationEngine*
|
48
|
-
// auth_engine = AuthorizationEngine::CreateAuthorizationEngine(rbac_policies);
|
49
|
-
// auth_engine->Evaluate(evaluate_args); // returns authorization decision.
|
50
|
-
class AuthorizationEngine {
|
51
|
-
public:
|
52
|
-
// rbac_policies must be a vector containing either a single policy of any
|
53
|
-
// kind, or one deny policy and one allow policy, in that order.
|
54
|
-
static std::unique_ptr<AuthorizationEngine> CreateAuthorizationEngine(
|
55
|
-
const std::vector<envoy_config_rbac_v3_RBAC*>& rbac_policies);
|
56
|
-
|
57
|
-
// Users should use the CreateAuthorizationEngine factory function
|
58
|
-
// instead of calling the AuthorizationEngine constructor directly.
|
59
|
-
explicit AuthorizationEngine(
|
60
|
-
const std::vector<envoy_config_rbac_v3_RBAC*>& rbac_policies);
|
61
|
-
// TODO(mywang@google.com): add an Evaluate member function.
|
62
|
-
|
63
|
-
private:
|
64
|
-
enum Action {
|
65
|
-
kAllow,
|
66
|
-
kDeny,
|
67
|
-
};
|
68
|
-
|
69
|
-
std::unique_ptr<mock_cel::Activation> CreateActivation(
|
70
|
-
const EvaluateArgs& args);
|
71
|
-
|
72
|
-
std::map<const std::string, const google_api_expr_v1alpha1_Expr*>
|
73
|
-
deny_if_matched_;
|
74
|
-
std::map<const std::string, const google_api_expr_v1alpha1_Expr*>
|
75
|
-
allow_if_matched_;
|
76
|
-
upb::Arena arena_;
|
77
|
-
absl::flat_hash_set<std::string> envoy_attributes_;
|
78
|
-
absl::flat_hash_set<std::string> header_keys_;
|
79
|
-
std::unique_ptr<mock_cel::CelMap> headers_;
|
80
|
-
};
|
81
|
-
|
82
|
-
} // namespace grpc_core
|
83
|
-
|
84
|
-
#endif /* GRPC_CORE_LIB_SECURITY_AUTHORIZATION_AUTHORIZATION_ENGINE_H */
|
@@ -1,148 +0,0 @@
|
|
1
|
-
//
|
2
|
-
//
|
3
|
-
// Copyright 2020 gRPC authors.
|
4
|
-
//
|
5
|
-
// Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
-
// you may not use this file except in compliance with the License.
|
7
|
-
// You may obtain a copy of the License at
|
8
|
-
//
|
9
|
-
// http://www.apache.org/licenses/LICENSE-2.0
|
10
|
-
//
|
11
|
-
// Unless required by applicable law or agreed to in writing, software
|
12
|
-
// distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
-
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
-
// See the License for the specific language governing permissions and
|
15
|
-
// limitations under the License.
|
16
|
-
//
|
17
|
-
//
|
18
|
-
|
19
|
-
#include <grpc/support/port_platform.h>
|
20
|
-
|
21
|
-
#include "src/core/lib/security/authorization/evaluate_args.h"
|
22
|
-
|
23
|
-
#include "src/core/lib/iomgr/parse_address.h"
|
24
|
-
#include "src/core/lib/iomgr/resolve_address.h"
|
25
|
-
#include "src/core/lib/iomgr/sockaddr_utils.h"
|
26
|
-
#include "src/core/lib/slice/slice_utils.h"
|
27
|
-
|
28
|
-
namespace grpc_core {
|
29
|
-
|
30
|
-
absl::string_view EvaluateArgs::GetPath() const {
|
31
|
-
absl::string_view path;
|
32
|
-
if (metadata_ != nullptr && metadata_->idx.named.path != nullptr) {
|
33
|
-
grpc_linked_mdelem* elem = metadata_->idx.named.path;
|
34
|
-
const grpc_slice& val = GRPC_MDVALUE(elem->md);
|
35
|
-
path = StringViewFromSlice(val);
|
36
|
-
}
|
37
|
-
return path;
|
38
|
-
}
|
39
|
-
|
40
|
-
absl::string_view EvaluateArgs::GetHost() const {
|
41
|
-
absl::string_view host;
|
42
|
-
if (metadata_ != nullptr && metadata_->idx.named.host != nullptr) {
|
43
|
-
grpc_linked_mdelem* elem = metadata_->idx.named.host;
|
44
|
-
const grpc_slice& val = GRPC_MDVALUE(elem->md);
|
45
|
-
host = StringViewFromSlice(val);
|
46
|
-
}
|
47
|
-
return host;
|
48
|
-
}
|
49
|
-
|
50
|
-
absl::string_view EvaluateArgs::GetMethod() const {
|
51
|
-
absl::string_view method;
|
52
|
-
if (metadata_ != nullptr && metadata_->idx.named.method != nullptr) {
|
53
|
-
grpc_linked_mdelem* elem = metadata_->idx.named.method;
|
54
|
-
const grpc_slice& val = GRPC_MDVALUE(elem->md);
|
55
|
-
method = StringViewFromSlice(val);
|
56
|
-
}
|
57
|
-
return method;
|
58
|
-
}
|
59
|
-
|
60
|
-
std::multimap<absl::string_view, absl::string_view> EvaluateArgs::GetHeaders()
|
61
|
-
const {
|
62
|
-
std::multimap<absl::string_view, absl::string_view> headers;
|
63
|
-
if (metadata_ == nullptr) {
|
64
|
-
return headers;
|
65
|
-
}
|
66
|
-
for (grpc_linked_mdelem* elem = metadata_->list.head; elem != nullptr;
|
67
|
-
elem = elem->next) {
|
68
|
-
const grpc_slice& key = GRPC_MDKEY(elem->md);
|
69
|
-
const grpc_slice& val = GRPC_MDVALUE(elem->md);
|
70
|
-
headers.emplace(StringViewFromSlice(key), StringViewFromSlice(val));
|
71
|
-
}
|
72
|
-
return headers;
|
73
|
-
}
|
74
|
-
|
75
|
-
absl::string_view EvaluateArgs::GetLocalAddress() const {
|
76
|
-
absl::string_view addr = grpc_endpoint_get_local_address(endpoint_);
|
77
|
-
size_t first_colon = addr.find(":");
|
78
|
-
size_t last_colon = addr.rfind(":");
|
79
|
-
if (first_colon == std::string::npos || last_colon == std::string::npos) {
|
80
|
-
return "";
|
81
|
-
} else {
|
82
|
-
return addr.substr(first_colon + 1, last_colon - first_colon - 1);
|
83
|
-
}
|
84
|
-
}
|
85
|
-
|
86
|
-
int EvaluateArgs::GetLocalPort() const {
|
87
|
-
if (endpoint_ == nullptr) {
|
88
|
-
return 0;
|
89
|
-
}
|
90
|
-
absl::StatusOr<URI> uri =
|
91
|
-
URI::Parse(grpc_endpoint_get_local_address(endpoint_));
|
92
|
-
grpc_resolved_address resolved_addr;
|
93
|
-
if (!uri.ok() || !grpc_parse_uri(*uri, &resolved_addr)) {
|
94
|
-
return 0;
|
95
|
-
}
|
96
|
-
return grpc_sockaddr_get_port(&resolved_addr);
|
97
|
-
}
|
98
|
-
|
99
|
-
absl::string_view EvaluateArgs::GetPeerAddress() const {
|
100
|
-
absl::string_view addr = grpc_endpoint_get_peer(endpoint_);
|
101
|
-
size_t first_colon = addr.find(":");
|
102
|
-
size_t last_colon = addr.rfind(":");
|
103
|
-
if (first_colon == std::string::npos || last_colon == std::string::npos) {
|
104
|
-
return "";
|
105
|
-
} else {
|
106
|
-
return addr.substr(first_colon + 1, last_colon - first_colon - 1);
|
107
|
-
}
|
108
|
-
}
|
109
|
-
|
110
|
-
int EvaluateArgs::GetPeerPort() const {
|
111
|
-
if (endpoint_ == nullptr) {
|
112
|
-
return 0;
|
113
|
-
}
|
114
|
-
absl::StatusOr<URI> uri = URI::Parse(grpc_endpoint_get_peer(endpoint_));
|
115
|
-
grpc_resolved_address resolved_addr;
|
116
|
-
if (!uri.ok() || !grpc_parse_uri(*uri, &resolved_addr)) {
|
117
|
-
return 0;
|
118
|
-
}
|
119
|
-
return grpc_sockaddr_get_port(&resolved_addr);
|
120
|
-
}
|
121
|
-
|
122
|
-
absl::string_view EvaluateArgs::GetSpiffeId() const {
|
123
|
-
if (auth_context_ == nullptr) {
|
124
|
-
return "";
|
125
|
-
}
|
126
|
-
grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name(
|
127
|
-
auth_context_, GRPC_PEER_SPIFFE_ID_PROPERTY_NAME);
|
128
|
-
const grpc_auth_property* prop = grpc_auth_property_iterator_next(&it);
|
129
|
-
if (prop == nullptr || grpc_auth_property_iterator_next(&it) != nullptr) {
|
130
|
-
return "";
|
131
|
-
}
|
132
|
-
return absl::string_view(prop->value, prop->value_length);
|
133
|
-
}
|
134
|
-
|
135
|
-
absl::string_view EvaluateArgs::GetCertServerName() const {
|
136
|
-
if (auth_context_ == nullptr) {
|
137
|
-
return "";
|
138
|
-
}
|
139
|
-
grpc_auth_property_iterator it = grpc_auth_context_find_properties_by_name(
|
140
|
-
auth_context_, GRPC_X509_CN_PROPERTY_NAME);
|
141
|
-
const grpc_auth_property* prop = grpc_auth_property_iterator_next(&it);
|
142
|
-
if (prop == nullptr || grpc_auth_property_iterator_next(&it) != nullptr) {
|
143
|
-
return "";
|
144
|
-
}
|
145
|
-
return absl::string_view(prop->value, prop->value_length);
|
146
|
-
}
|
147
|
-
|
148
|
-
} // namespace grpc_core
|
@@ -1,59 +0,0 @@
|
|
1
|
-
//
|
2
|
-
//
|
3
|
-
// Copyright 2020 gRPC authors.
|
4
|
-
//
|
5
|
-
// Licensed under the Apache License, Version 2.0 (the "License");
|
6
|
-
// you may not use this file except in compliance with the License.
|
7
|
-
// You may obtain a copy of the License at
|
8
|
-
//
|
9
|
-
// http://www.apache.org/licenses/LICENSE-2.0
|
10
|
-
//
|
11
|
-
// Unless required by applicable law or agreed to in writing, software
|
12
|
-
// distributed under the License is distributed on an "AS IS" BASIS,
|
13
|
-
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
14
|
-
// See the License for the specific language governing permissions and
|
15
|
-
// limitations under the License.
|
16
|
-
//
|
17
|
-
//
|
18
|
-
|
19
|
-
#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_EVALUATE_ARGS_H
|
20
|
-
#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_EVALUATE_ARGS_H
|
21
|
-
|
22
|
-
#include <grpc/support/port_platform.h>
|
23
|
-
|
24
|
-
#include <map>
|
25
|
-
|
26
|
-
#include "src/core/lib/iomgr/endpoint.h"
|
27
|
-
#include "src/core/lib/security/context/security_context.h"
|
28
|
-
#include "src/core/lib/transport/metadata_batch.h"
|
29
|
-
|
30
|
-
namespace grpc_core {
|
31
|
-
|
32
|
-
class EvaluateArgs {
|
33
|
-
public:
|
34
|
-
EvaluateArgs(grpc_metadata_batch* metadata, grpc_auth_context* auth_context,
|
35
|
-
grpc_endpoint* endpoint)
|
36
|
-
: metadata_(metadata), auth_context_(auth_context), endpoint_(endpoint) {}
|
37
|
-
|
38
|
-
absl::string_view GetPath() const;
|
39
|
-
absl::string_view GetHost() const;
|
40
|
-
absl::string_view GetMethod() const;
|
41
|
-
std::multimap<absl::string_view, absl::string_view> GetHeaders() const;
|
42
|
-
absl::string_view GetLocalAddress() const;
|
43
|
-
int GetLocalPort() const;
|
44
|
-
absl::string_view GetPeerAddress() const;
|
45
|
-
int GetPeerPort() const;
|
46
|
-
absl::string_view GetSpiffeId() const;
|
47
|
-
absl::string_view GetCertServerName() const;
|
48
|
-
|
49
|
-
// TODO(unknown): Add a getter function for source.principal
|
50
|
-
|
51
|
-
private:
|
52
|
-
grpc_metadata_batch* metadata_;
|
53
|
-
grpc_auth_context* auth_context_;
|
54
|
-
grpc_endpoint* endpoint_;
|
55
|
-
};
|
56
|
-
|
57
|
-
} // namespace grpc_core
|
58
|
-
|
59
|
-
#endif // GRPC_CORE_LIB_SECURITY_AUTHORIZATION_EVALUATE_ARGS_H
|
@@ -1,57 +0,0 @@
|
|
1
|
-
// Copyright 2020 gRPC authors.
|
2
|
-
//
|
3
|
-
// Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
-
// you may not use this file except in compliance with the License.
|
5
|
-
// You may obtain a copy of the License at
|
6
|
-
//
|
7
|
-
// http://www.apache.org/licenses/LICENSE-2.0
|
8
|
-
//
|
9
|
-
// Unless required by applicable law or agreed to in writing, software
|
10
|
-
// distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
-
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
-
// See the License for the specific language governing permissions and
|
13
|
-
// limitations under the License.
|
14
|
-
|
15
|
-
#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_ACTIVATION_H
|
16
|
-
#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_ACTIVATION_H
|
17
|
-
|
18
|
-
#include <grpc/support/port_platform.h>
|
19
|
-
|
20
|
-
#include "absl/strings/string_view.h"
|
21
|
-
|
22
|
-
#include "src/core/lib/security/authorization/mock_cel/cel_value.h"
|
23
|
-
|
24
|
-
namespace grpc_core {
|
25
|
-
namespace mock_cel {
|
26
|
-
|
27
|
-
// Base class for an activation. This is a temporary stub implementation of CEL
|
28
|
-
// APIs. Once gRPC imports the CEL library, this class will be removed.
|
29
|
-
class BaseActivation {
|
30
|
-
public:
|
31
|
-
BaseActivation() = default;
|
32
|
-
|
33
|
-
// Non-copyable/non-assignable
|
34
|
-
BaseActivation(const BaseActivation&) = delete;
|
35
|
-
BaseActivation& operator=(const BaseActivation&) = delete;
|
36
|
-
};
|
37
|
-
|
38
|
-
// Instance of Activation class is used by evaluator.
|
39
|
-
// It provides binding between references used in expressions
|
40
|
-
// and actual values. This is a temporary stub implementation of CEL APIs.
|
41
|
-
// Once gRPC imports the CEL library, this class will be removed.
|
42
|
-
class Activation : public BaseActivation {
|
43
|
-
public:
|
44
|
-
Activation() = default;
|
45
|
-
|
46
|
-
// Non-copyable/non-assignable
|
47
|
-
Activation(const Activation&) = delete;
|
48
|
-
Activation& operator=(const Activation&) = delete;
|
49
|
-
|
50
|
-
// Insert value into Activation.
|
51
|
-
void InsertValue(absl::string_view /*name*/, const CelValue& /*value*/) {}
|
52
|
-
};
|
53
|
-
|
54
|
-
} // namespace mock_cel
|
55
|
-
} // namespace grpc_core
|
56
|
-
|
57
|
-
#endif // GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_ACTIVATION_H
|
@@ -1,44 +0,0 @@
|
|
1
|
-
// Copyright 2020 gRPC authors.
|
2
|
-
//
|
3
|
-
// Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
-
// you may not use this file except in compliance with the License.
|
5
|
-
// You may obtain a copy of the License at
|
6
|
-
//
|
7
|
-
// http://www.apache.org/licenses/LICENSE-2.0
|
8
|
-
//
|
9
|
-
// Unless required by applicable law or agreed to in writing, software
|
10
|
-
// distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
-
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
-
// See the License for the specific language governing permissions and
|
13
|
-
// limitations under the License.
|
14
|
-
|
15
|
-
#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_CEL_EXPR_BUILDER_FACTORY_H
|
16
|
-
#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_CEL_EXPR_BUILDER_FACTORY_H
|
17
|
-
|
18
|
-
#include <grpc/support/port_platform.h>
|
19
|
-
|
20
|
-
#include <memory>
|
21
|
-
|
22
|
-
#include "absl/memory/memory.h"
|
23
|
-
|
24
|
-
#include "src/core/lib/security/authorization/mock_cel/flat_expr_builder.h"
|
25
|
-
|
26
|
-
namespace grpc_core {
|
27
|
-
namespace mock_cel {
|
28
|
-
|
29
|
-
// This is a temporary stub implementation of CEL APIs.
|
30
|
-
// Once gRPC imports the CEL library, this file will be removed.
|
31
|
-
|
32
|
-
struct InterpreterOptions {
|
33
|
-
bool short_circuiting = true;
|
34
|
-
};
|
35
|
-
|
36
|
-
inline std::unique_ptr<CelExpressionBuilder> CreateCelExpressionBuilder(
|
37
|
-
const InterpreterOptions& options) {
|
38
|
-
return absl::make_unique<FlatExprBuilder>();
|
39
|
-
}
|
40
|
-
|
41
|
-
} // namespace mock_cel
|
42
|
-
} // namespace grpc_core
|
43
|
-
|
44
|
-
#endif // GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_CEL_EXPR_BUILDER_FACTORY_H
|
@@ -1,69 +0,0 @@
|
|
1
|
-
// Copyright 2020 gRPC authors.
|
2
|
-
//
|
3
|
-
// Licensed under the Apache License, Version 2.0 (the "License");
|
4
|
-
// you may not use this file except in compliance with the License.
|
5
|
-
// You may obtain a copy of the License at
|
6
|
-
//
|
7
|
-
// http://www.apache.org/licenses/LICENSE-2.0
|
8
|
-
//
|
9
|
-
// Unless required by applicable law or agreed to in writing, software
|
10
|
-
// distributed under the License is distributed on an "AS IS" BASIS,
|
11
|
-
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
12
|
-
// See the License for the specific language governing permissions and
|
13
|
-
// limitations under the License.
|
14
|
-
|
15
|
-
#ifndef GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_CEL_EXPRESSION_H
|
16
|
-
#define GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_CEL_EXPRESSION_H
|
17
|
-
|
18
|
-
#include <grpc/support/port_platform.h>
|
19
|
-
|
20
|
-
#include <memory>
|
21
|
-
#include <vector>
|
22
|
-
|
23
|
-
#include "absl/status/statusor.h"
|
24
|
-
|
25
|
-
#include "google/api/expr/v1alpha1/syntax.upb.h"
|
26
|
-
#include "src/core/lib/security/authorization/mock_cel/activation.h"
|
27
|
-
#include "src/core/lib/security/authorization/mock_cel/cel_value.h"
|
28
|
-
|
29
|
-
namespace grpc_core {
|
30
|
-
namespace mock_cel {
|
31
|
-
|
32
|
-
// This is a temporary stub implementation of CEL APIs.
|
33
|
-
// Once gRPC imports the CEL library, this file will be removed.
|
34
|
-
|
35
|
-
// Base interface for expression evaluating objects.
|
36
|
-
class CelExpression {
|
37
|
-
public:
|
38
|
-
virtual ~CelExpression() = default;
|
39
|
-
|
40
|
-
// Evaluates expression and returns value.
|
41
|
-
// activation contains bindings from parameter names to values
|
42
|
-
virtual absl::StatusOr<CelValue> Evaluate(
|
43
|
-
const BaseActivation& activation) const = 0;
|
44
|
-
};
|
45
|
-
|
46
|
-
// Base class for Expression Builder implementations
|
47
|
-
// Provides user with factory to register extension functions.
|
48
|
-
// ExpressionBuilder MUST NOT be destroyed before CelExpression objects
|
49
|
-
// it built.
|
50
|
-
class CelExpressionBuilder {
|
51
|
-
public:
|
52
|
-
virtual ~CelExpressionBuilder() = default;
|
53
|
-
|
54
|
-
// Creates CelExpression object from AST tree.
|
55
|
-
// expr specifies root of AST tree
|
56
|
-
virtual absl::StatusOr<std::unique_ptr<CelExpression>> CreateExpression(
|
57
|
-
const google_api_expr_v1alpha1_Expr* expr,
|
58
|
-
const google_api_expr_v1alpha1_SourceInfo* source_info) const = 0;
|
59
|
-
|
60
|
-
virtual absl::StatusOr<std::unique_ptr<CelExpression>> CreateExpression(
|
61
|
-
const google_api_expr_v1alpha1_Expr* expr,
|
62
|
-
const google_api_expr_v1alpha1_SourceInfo* source_info,
|
63
|
-
std::vector<absl::Status>* warnings) const = 0;
|
64
|
-
};
|
65
|
-
|
66
|
-
} // namespace mock_cel
|
67
|
-
} // namespace grpc_core
|
68
|
-
|
69
|
-
#endif // GRPC_CORE_LIB_SECURITY_AUTHORIZATION_MOCK_CEL_CEL_EXPRESSION_H
|