grpc 1.43.1 → 1.44.0.pre2

data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc

@@ -33,8 +33,6 @@
 
 #include "src/core/ext/filters/message_size/message_size_filter.h"
 #include "src/core/lib/channel/channel_args.h"
-#include "src/core/lib/compression/algorithm_metadata.h"
-#include "src/core/lib/compression/compression_args.h"
 #include "src/core/lib/compression/compression_internal.h"
 #include "src/core/lib/compression/message_compress.h"
 #include "src/core/lib/gpr/string.h"
@@ -114,7 +112,7 @@ class CallData {
   // Fields for handling recv_message_ready callback
   bool seen_recv_message_ready_ = false;
   int max_recv_message_length_;
-  grpc_message_compression_algorithm algorithm_ = GRPC_MESSAGE_COMPRESS_NONE;
+  grpc_compression_algorithm algorithm_ = GRPC_COMPRESS_NONE;
   grpc_closure on_recv_message_ready_;
   grpc_closure* original_recv_message_ready_ = nullptr;
   grpc_closure on_recv_message_next_done_;
@@ -133,30 +131,12 @@ class CallData {
   grpc_error_handle on_recv_trailing_metadata_ready_error_ = GRPC_ERROR_NONE;
 };
 
-grpc_message_compression_algorithm DecodeMessageCompressionAlgorithm(
-    grpc_mdelem md) {
-  grpc_message_compression_algorithm algorithm =
-      grpc_message_compression_algorithm_from_slice(GRPC_MDVALUE(md));
-  if (algorithm == GRPC_MESSAGE_COMPRESS_ALGORITHMS_COUNT) {
-    char* md_c_str = grpc_slice_to_c_string(GRPC_MDVALUE(md));
-    gpr_log(GPR_ERROR,
-            "Invalid incoming message compression algorithm: '%s'. "
-            "Interpreting incoming data as uncompressed.",
-            md_c_str);
-    gpr_free(md_c_str);
-    return GRPC_MESSAGE_COMPRESS_NONE;
-  }
-  return algorithm;
-}
-
 void CallData::OnRecvInitialMetadataReady(void* arg, grpc_error_handle error) {
   CallData* calld = static_cast<CallData*>(arg);
   if (error == GRPC_ERROR_NONE) {
-    grpc_linked_mdelem* grpc_encoding =
-        calld->recv_initial_metadata_->legacy_index()->named.grpc_encoding;
-    if (grpc_encoding != nullptr) {
-      calld->algorithm_ = DecodeMessageCompressionAlgorithm(grpc_encoding->md);
-    }
+    calld->algorithm_ =
+        calld->recv_initial_metadata_->get(GrpcEncodingMetadata())
+            .value_or(GRPC_COMPRESS_NONE);
   }
   calld->MaybeResumeOnRecvMessageReady();
   calld->MaybeResumeOnRecvTrailingMetadataReady();
@@ -184,7 +164,7 @@ void CallData::OnRecvMessageReady(void* arg, grpc_error_handle error) {
                               "OnRecvInitialMetadataReady");
       return;
     }
-    if (calld->algorithm_ != GRPC_MESSAGE_COMPRESS_NONE) {
+    if (calld->algorithm_ != GRPC_COMPRESS_NONE) {
       // recv_message can be NULL if trailing metadata is received instead of
       // message, or it's possible that the message was not compressed.
       if (*calld->recv_message_ == nullptr ||

data/src/core/ext/filters/http/server/http_server_filter.cc

@@ -32,10 +32,6 @@
 #include "src/core/lib/slice/percent_encoding.h"
 #include "src/core/lib/slice/slice_internal.h"
 #include "src/core/lib/slice/slice_string_helpers.h"
-#include "src/core/lib/transport/static_metadata.h"
-
-#define EXPECTED_CONTENT_TYPE "application/grpc"
-#define EXPECTED_CONTENT_TYPE_LENGTH (sizeof(EXPECTED_CONTENT_TYPE) - 1)
 
 static void hs_recv_initial_metadata_ready(void* user_data,
                                            grpc_error_handle err);
@@ -67,10 +63,6 @@ struct call_data {
 
   grpc_core::CallCombiner* call_combiner;
 
-  // Outgoing headers to add to send_initial_metadata.
-  grpc_linked_mdelem status;
-  grpc_linked_mdelem content_type;
-
   // If we see the recv_message contents in the GET query string, we
   // store it here.
   grpc_core::ManualConstructor<grpc_core::SliceBufferByteStream> read_stream;
@@ -121,63 +113,37 @@ static void hs_add_error(const char* error_name, grpc_error_handle* cumulative,
   *cumulative = grpc_error_add_child(*cumulative, new_err);
 }
 
-// Metadata equality within this filter leverages the fact that the sender was
-// likely using the gRPC chttp2 transport, in which case the encoder would emit
-// indexed values, in which case the local hpack parser would intern the
-// relevant metadata, allowing a simple pointer comparison.
-//
-// That said, if the header was transmitted sans indexing/encoding, we still
-// need to do the right thing.
-//
-// Assumptions:
-// 1) The keys for a and b_static must match
-// 2) b_static must be a statically allocated metadata object.
-// 3) It is assumed that the remote end is indexing, but not necessary.
-// TODO(arjunroy): Revisit this method when grpc_mdelem is strongly typed.
-static bool md_strict_equal(grpc_mdelem a, grpc_mdelem b_static) {
-  // Hpack encoder on the remote side should emit indexed values, in which case
-  // hpack parser on this end should pick up interned values, in which case the
-  // pointer comparison alone is enough.
-  //
-  if (GPR_LIKELY(GRPC_MDELEM_IS_INTERNED(a))) {
-    return a.payload == b_static.payload;
-  } else {
-    return grpc_slice_eq_static_interned(GRPC_MDVALUE(a),
-                                         GRPC_MDVALUE(b_static));
-  }
-}
-
 static grpc_error_handle hs_filter_incoming_metadata(grpc_call_element* elem,
                                                      grpc_metadata_batch* b) {
   call_data* calld = static_cast<call_data*>(elem->call_data);
   grpc_error_handle error = GRPC_ERROR_NONE;
   static const char* error_name = "Failed processing incoming headers";
 
-  if (b->legacy_index()->named.method != nullptr) {
-    if (md_strict_equal(b->legacy_index()->named.method->md,
-                        GRPC_MDELEM_METHOD_POST)) {
-      *calld->recv_initial_metadata_flags &=
-          ~(GRPC_INITIAL_METADATA_CACHEABLE_REQUEST |
-            GRPC_INITIAL_METADATA_IDEMPOTENT_REQUEST);
-    } else if (md_strict_equal(b->legacy_index()->named.method->md,
-                               GRPC_MDELEM_METHOD_PUT)) {
-      *calld->recv_initial_metadata_flags &=
-          ~GRPC_INITIAL_METADATA_CACHEABLE_REQUEST;
-      *calld->recv_initial_metadata_flags |=
-          GRPC_INITIAL_METADATA_IDEMPOTENT_REQUEST;
-    } else if (md_strict_equal(b->legacy_index()->named.method->md,
-                               GRPC_MDELEM_METHOD_GET)) {
-      *calld->recv_initial_metadata_flags |=
-          GRPC_INITIAL_METADATA_CACHEABLE_REQUEST;
-      *calld->recv_initial_metadata_flags &=
-          ~GRPC_INITIAL_METADATA_IDEMPOTENT_REQUEST;
-    } else {
-      hs_add_error(error_name, &error,
-                   grpc_attach_md_to_error(
-                       GRPC_ERROR_CREATE_FROM_STATIC_STRING("Bad header"),
-                       b->legacy_index()->named.method->md));
+  auto method = b->get(grpc_core::HttpMethodMetadata());
+  if (method.has_value()) {
+    switch (*method) {
+      case grpc_core::HttpMethodMetadata::kPost:
+        *calld->recv_initial_metadata_flags &=
+            ~(GRPC_INITIAL_METADATA_CACHEABLE_REQUEST |
+              GRPC_INITIAL_METADATA_IDEMPOTENT_REQUEST);
+        break;
+      case grpc_core::HttpMethodMetadata::kPut:
+        *calld->recv_initial_metadata_flags &=
+            ~GRPC_INITIAL_METADATA_CACHEABLE_REQUEST;
+        *calld->recv_initial_metadata_flags |=
+            GRPC_INITIAL_METADATA_IDEMPOTENT_REQUEST;
+        break;
+      case grpc_core::HttpMethodMetadata::kGet:
+        *calld->recv_initial_metadata_flags |=
+            GRPC_INITIAL_METADATA_CACHEABLE_REQUEST;
+        *calld->recv_initial_metadata_flags &=
+            ~GRPC_INITIAL_METADATA_IDEMPOTENT_REQUEST;
+        break;
+      case grpc_core::HttpMethodMetadata::kInvalid:
+        hs_add_error(error_name, &error,
+                     GRPC_ERROR_CREATE_FROM_STATIC_STRING("Bad method header"));
+        break;
     }
-    b->Remove(GRPC_BATCH_METHOD);
   } else {
     hs_add_error(error_name, &error,
                  grpc_error_set_str(
@@ -198,19 +164,12 @@ static grpc_error_handle hs_filter_incoming_metadata(grpc_call_element* elem,
                  GRPC_ERROR_CREATE_FROM_STATIC_STRING("Bad te header"));
   }
 
-  if (b->legacy_index()->named.scheme != nullptr) {
-    if (!md_strict_equal(b->legacy_index()->named.scheme->md,
-                         GRPC_MDELEM_SCHEME_HTTP) &&
-        !md_strict_equal(b->legacy_index()->named.scheme->md,
-                         GRPC_MDELEM_SCHEME_HTTPS) &&
-        !grpc_mdelem_static_value_eq(b->legacy_index()->named.scheme->md,
-                                     GRPC_MDELEM_SCHEME_GRPC)) {
+  auto scheme = b->Take(grpc_core::HttpSchemeMetadata());
+  if (scheme.has_value()) {
+    if (*scheme == grpc_core::HttpSchemeMetadata::kInvalid) {
       hs_add_error(error_name, &error,
-                   grpc_attach_md_to_error(
-                       GRPC_ERROR_CREATE_FROM_STATIC_STRING("Bad header"),
-                       b->legacy_index()->named.scheme->md));
+                   GRPC_ERROR_CREATE_FROM_STATIC_STRING("Bad :scheme header"));
     }
-    b->Remove(GRPC_BATCH_SCHEME);
   } else {
     hs_add_error(error_name, &error,
                  grpc_error_set_str(
@@ -218,40 +177,10 @@ static grpc_error_handle hs_filter_incoming_metadata(grpc_call_element* elem,
                      GRPC_ERROR_STR_KEY, ":scheme"));
   }
 
-  if (b->legacy_index()->named.content_type != nullptr) {
-    if (!grpc_mdelem_static_value_eq(
-            b->legacy_index()->named.content_type->md,
-            GRPC_MDELEM_CONTENT_TYPE_APPLICATION_SLASH_GRPC)) {
-      if (grpc_slice_buf_start_eq(
-              GRPC_MDVALUE(b->legacy_index()->named.content_type->md),
-              EXPECTED_CONTENT_TYPE, EXPECTED_CONTENT_TYPE_LENGTH) &&
-          (GRPC_SLICE_START_PTR(GRPC_MDVALUE(
-               b->legacy_index()
-                   ->named.content_type->md))[EXPECTED_CONTENT_TYPE_LENGTH] ==
-               '+' ||
-           GRPC_SLICE_START_PTR(GRPC_MDVALUE(
-               b->legacy_index()
-                   ->named.content_type->md))[EXPECTED_CONTENT_TYPE_LENGTH] ==
-               ';')) {
-        /* Although the C implementation doesn't (currently) generate them,
-           any custom +-suffix is explicitly valid. */
-        /* TODO(klempner): We should consider preallocating common values such
-           as +proto or +json, or at least stashing them if we see them. */
-        /* TODO(klempner): Should we be surfacing this to application code? */
-      } else {
-        /* TODO(klempner): We're currently allowing this, but we shouldn't
-           see it without a proxy so log for now. */
-        char* val = grpc_dump_slice(
-            GRPC_MDVALUE(b->legacy_index()->named.content_type->md),
-            GPR_DUMP_ASCII);
-        gpr_log(GPR_INFO, "Unexpected content-type '%s'", val);
-        gpr_free(val);
-      }
-    }
-    b->Remove(GRPC_BATCH_CONTENT_TYPE);
-  }
+  b->Remove(grpc_core::ContentTypeMetadata());
 
-  if (b->legacy_index()->named.path == nullptr) {
+  grpc_core::Slice* path_slice = b->get_pointer(grpc_core::HttpPathMetadata());
+  if (path_slice == nullptr) {
     hs_add_error(error_name, &error,
                  grpc_error_set_str(
                      GRPC_ERROR_CREATE_FROM_STATIC_STRING("Missing header"),
@@ -260,25 +189,18 @@ static grpc_error_handle hs_filter_incoming_metadata(grpc_call_element* elem,
              GRPC_INITIAL_METADATA_CACHEABLE_REQUEST) {
     /* We have a cacheable request made with GET verb. The path contains the
      * query parameter which is base64 encoded request payload. */
-    const char k_query_separator = '?';
-    grpc_slice path_slice = GRPC_MDVALUE(b->legacy_index()->named.path->md);
-    uint8_t* path_ptr = GRPC_SLICE_START_PTR(path_slice);
-    size_t path_length = GRPC_SLICE_LENGTH(path_slice);
+    static const char kQuerySeparator = '?';
     /* offset of the character '?' */
-    size_t offset = 0;
-    for (offset = 0; offset < path_length && *path_ptr != k_query_separator;
-         path_ptr++, offset++) {
-    }
-    if (offset < path_length) {
-      grpc_slice query_slice =
-          grpc_slice_sub(path_slice, offset + 1, path_length);
+    auto it =
+        std::find(path_slice->begin(), path_slice->end(), kQuerySeparator);
+    if (it != path_slice->end()) {
+      const auto query_start = it - path_slice->begin() + 1;
+      auto query_slice = path_slice->RefSubSlice(
+          query_start, path_slice->size() - query_start);
 
       /* substitute path metadata with just the path (not query) */
-      grpc_mdelem mdelem_path_without_query = grpc_mdelem_from_slices(
-          GRPC_MDSTR_PATH, grpc_slice_sub(path_slice, 0, offset));
-
-      (void)b->Substitute(b->legacy_index()->named.path,
-                          mdelem_path_without_query);
+      auto path_without_query = path_slice->TakeSubSlice(0, query_start - 1);
+      *path_slice = std::move(path_without_query);
 
       /* decode payload from query and add to the slice buffer to be returned */
       const int k_url_safe = 1;
@@ -287,25 +209,24 @@ static grpc_error_handle hs_filter_incoming_metadata(grpc_call_element* elem,
       grpc_slice_buffer_add(
           &read_slice_buffer,
           grpc_base64_decode_with_len(
-              reinterpret_cast<const char*> GRPC_SLICE_START_PTR(query_slice),
-              GRPC_SLICE_LENGTH(query_slice), k_url_safe));
+              reinterpret_cast<const char*>(query_slice.begin()),
+              query_slice.size(), k_url_safe));
       calld->read_stream.Init(&read_slice_buffer, 0);
       grpc_slice_buffer_destroy_internal(&read_slice_buffer);
       calld->have_read_stream = true;
-      grpc_slice_unref_internal(query_slice);
     } else {
       gpr_log(GPR_ERROR, "GET request without QUERY");
     }
   }
 
-  if (b->legacy_index()->named.authority == nullptr) {
+  if (b->get_pointer(grpc_core::HttpAuthorityMetadata()) == nullptr) {
     absl::optional<grpc_core::Slice> host = b->Take(grpc_core::HostMetadata());
     if (host.has_value()) {
-      b->Append(":authority", std::move(*host));
+      b->Set(grpc_core::HttpAuthorityMetadata(), std::move(*host));
     }
   }
 
-  if (b->legacy_index()->named.authority == nullptr) {
+  if (b->get_pointer(grpc_core::HttpAuthorityMetadata()) == nullptr) {
     hs_add_error(error_name, &error,
                  grpc_error_set_str(
                      GRPC_ERROR_CREATE_FROM_STATIC_STRING("Missing header"),
@@ -410,17 +331,11 @@ static grpc_error_handle hs_mutate_op(grpc_call_element* elem,
   if (op->send_initial_metadata) {
     grpc_error_handle error = GRPC_ERROR_NONE;
     static const char* error_name = "Failed sending initial metadata";
-    hs_add_error(
-        error_name, &error,
-        grpc_metadata_batch_add_head(
-            op->payload->send_initial_metadata.send_initial_metadata,
-            &calld->status, GRPC_MDELEM_STATUS_200, GRPC_BATCH_STATUS));
-    hs_add_error(error_name, &error,
-                 grpc_metadata_batch_add_tail(
-                     op->payload->send_initial_metadata.send_initial_metadata,
-                     &calld->content_type,
-                     GRPC_MDELEM_CONTENT_TYPE_APPLICATION_SLASH_GRPC,
-                     GRPC_BATCH_CONTENT_TYPE));
+    op->payload->send_initial_metadata.send_initial_metadata->Set(
+        grpc_core::HttpStatusMetadata(), 200);
+    op->payload->send_initial_metadata.send_initial_metadata->Set(
+        grpc_core::ContentTypeMetadata(),
+        grpc_core::ContentTypeMetadata::kApplicationGrpc);
     hs_add_error(error_name, &error,
                  hs_filter_outgoing_metadata(
                      op->payload->send_initial_metadata.send_initial_metadata));

data/src/core/ext/filters/message_size/message_size_filter.cc

@@ -27,13 +27,13 @@
 #include <grpc/support/alloc.h>
 #include <grpc/support/log.h>
 
-#include "src/core/ext/service_config/service_config_call_data.h"
 #include "src/core/lib/channel/channel_args.h"
 #include "src/core/lib/channel/channel_stack_builder.h"
 #include "src/core/lib/config/core_configuration.h"
 #include "src/core/lib/gpr/string.h"
 #include "src/core/lib/gprpp/ref_counted.h"
 #include "src/core/lib/gprpp/ref_counted_ptr.h"
+#include "src/core/lib/service_config/service_config_call_data.h"
 #include "src/core/lib/surface/call.h"
 
 static void recv_message_ready(void* user_data, grpc_error_handle error);

data/src/core/ext/filters/message_size/message_size_filter.h

@@ -19,8 +19,8 @@
 
 #include <grpc/support/port_platform.h>
 
-#include "src/core/ext/service_config/service_config_parser.h"
 #include "src/core/lib/channel/channel_stack.h"
+#include "src/core/lib/service_config/service_config_parser.h"
 
 extern const grpc_channel_filter grpc_message_size_filter;
 

data/src/core/ext/filters/rbac/rbac_filter.cc

@@ -0,0 +1,157 @@
+//
+// Copyright 2021 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#include <grpc/support/port_platform.h>
+
+#include "src/core/ext/filters/rbac/rbac_filter.h"
+
+#include "src/core/ext/filters/rbac/rbac_service_config_parser.h"
+#include "src/core/lib/security/authorization/grpc_authorization_engine.h"
+#include "src/core/lib/service_config/service_config_call_data.h"
+#include "src/core/lib/transport/metadata_batch.h"
+
+namespace grpc_core {
+
+//
+// RbacFilter::CallData
+//
+
+// CallData
+
+grpc_error_handle RbacFilter::CallData::Init(
+    grpc_call_element* elem, const grpc_call_element_args* args) {
+  new (elem->call_data) CallData(elem, *args);
+  return GRPC_ERROR_NONE;
+}
+
+void RbacFilter::CallData::Destroy(grpc_call_element* elem,
+                                   const grpc_call_final_info* /*final_info*/,
+                                   grpc_closure* /*then_schedule_closure*/) {
+  auto* calld = static_cast<CallData*>(elem->call_data);
+  calld->~CallData();
+}
+
+void RbacFilter::CallData::StartTransportStreamOpBatch(
+    grpc_call_element* elem, grpc_transport_stream_op_batch* op) {
+  CallData* calld = static_cast<CallData*>(elem->call_data);
+  if (op->recv_initial_metadata) {
+    calld->recv_initial_metadata_ =
+        op->payload->recv_initial_metadata.recv_initial_metadata;
+    calld->original_recv_initial_metadata_ready_ =
+        op->payload->recv_initial_metadata.recv_initial_metadata_ready;
+    op->payload->recv_initial_metadata.recv_initial_metadata_ready =
+        &calld->recv_initial_metadata_ready_;
+  }
+  // Chain to the next filter.
+  grpc_call_next_op(elem, op);
+}
+
+RbacFilter::CallData::CallData(grpc_call_element* elem,
+                               const grpc_call_element_args& args)
+    : call_context_(args.context) {
+  GRPC_CLOSURE_INIT(&recv_initial_metadata_ready_, RecvInitialMetadataReady,
+                    elem, grpc_schedule_on_exec_ctx);
+}
+
+void RbacFilter::CallData::RecvInitialMetadataReady(void* user_data,
+                                                    grpc_error_handle error) {
+  grpc_call_element* elem = static_cast<grpc_call_element*>(user_data);
+  CallData* calld = static_cast<CallData*>(elem->call_data);
+  if (error == GRPC_ERROR_NONE) {
+    // Fetch and apply the rbac policy from the service config.
+    auto* service_config_call_data = static_cast<ServiceConfigCallData*>(
+        calld->call_context_[GRPC_CONTEXT_SERVICE_CONFIG_CALL_DATA].value);
+    auto* method_params = static_cast<RbacMethodParsedConfig*>(
+        service_config_call_data->GetMethodParsedConfig(
+            RbacServiceConfigParser::ParserIndex()));
+    if (method_params == nullptr) {
+      error = GRPC_ERROR_CREATE_FROM_STATIC_STRING("No RBAC policy found.");
+    } else {
+      RbacFilter* chand = static_cast<RbacFilter*>(elem->channel_data);
+      auto* authorization_engine =
+          method_params->authorization_engine(chand->index_);
+      if (authorization_engine
+              ->Evaluate(EvaluateArgs(calld->recv_initial_metadata_,
+                                      &chand->per_channel_evaluate_args_))
+              .type == AuthorizationEngine::Decision::Type::kDeny) {
+        error =
+            GRPC_ERROR_CREATE_FROM_STATIC_STRING("Unauthorized RPC rejected");
+      }
+    }
+    if (error != GRPC_ERROR_NONE) {
+      error = grpc_error_set_int(error, GRPC_ERROR_INT_GRPC_STATUS,
+                                 GRPC_STATUS_PERMISSION_DENIED);
+    }
+  } else {
+    GRPC_ERROR_REF(error);
+  }
+  grpc_closure* closure = calld->original_recv_initial_metadata_ready_;
+  calld->original_recv_initial_metadata_ready_ = nullptr;
+  Closure::Run(DEBUG_LOCATION, closure, error);
+}
+
+//
+// RbacFilter
+//
+
+const grpc_channel_filter RbacFilter::kFilterVtable = {
+    RbacFilter::CallData::StartTransportStreamOpBatch,
+    grpc_channel_next_op,
+    sizeof(RbacFilter::CallData),
+    RbacFilter::CallData::Init,
+    grpc_call_stack_ignore_set_pollset_or_pollset_set,
+    RbacFilter::CallData::Destroy,
+    sizeof(RbacFilter),
+    RbacFilter::Init,
+    RbacFilter::Destroy,
+    grpc_channel_next_get_info,
+    "rbac_filter",
+};
+
+RbacFilter::RbacFilter(size_t index,
+                       EvaluateArgs::PerChannelArgs per_channel_evaluate_args)
+    : index_(index),
+      per_channel_evaluate_args_(std::move(per_channel_evaluate_args)) {}
+
+grpc_error_handle RbacFilter::Init(grpc_channel_element* elem,
+                                   grpc_channel_element_args* args) {
+  GPR_ASSERT(elem->filter == &kFilterVtable);
+  auto* auth_context = grpc_find_auth_context_in_args(args->channel_args);
+  if (auth_context == nullptr) {
+    return GRPC_ERROR_CREATE_FROM_STATIC_STRING("No auth context found");
+  }
+  if (args->optional_transport == nullptr) {
+    // This should never happen since the transport is always set on the server
+    // side.
+    return GRPC_ERROR_CREATE_FROM_STATIC_STRING("No transport configured");
+  }
+  new (elem->channel_data) RbacFilter(
+      grpc_channel_stack_filter_instance_number(args->channel_stack, elem),
+      EvaluateArgs::PerChannelArgs(
+          auth_context, grpc_transport_get_endpoint(args->optional_transport)));
+  return GRPC_ERROR_NONE;
+}
+
+void RbacFilter::Destroy(grpc_channel_element* elem) {
+  auto* chand = static_cast<RbacFilter*>(elem->channel_data);
+  chand->~RbacFilter();
+}
+
+void RbacFilterInit(void) { RbacServiceConfigParser::Register(); }
+
+void RbacFilterShutdown(void) {}
+
+}  // namespace grpc_core

data/src/core/ext/filters/rbac/rbac_filter.h

@@ -0,0 +1,74 @@
+//
+// Copyright 2021 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#ifndef GRPC_CORE_EXT_FILTERS_RBAC_RBAC_FILTER_H
+#define GRPC_CORE_EXT_FILTERS_RBAC_RBAC_FILTER_H
+
+#include <grpc/support/port_platform.h>
+
+#include "src/core/lib/channel/channel_stack.h"
+#include "src/core/lib/security/authorization/evaluate_args.h"
+
+namespace grpc_core {
+
+// Filter used when xDS server config fetcher provides a configuration with an
+// HTTP RBAC filter. Also serves as the type for channel data for the filter.
+class RbacFilter {
+ public:
+  // This channel filter is intended to be used by connections on xDS enabled
+  // servers configured with RBAC. The RBAC filter fetches the RBAC policy from
+  // the method config of service config returned by the ServerConfigSelector,
+  // and enforces the RBAC policy.
+  static const grpc_channel_filter kFilterVtable;
+
+ private:
+  class CallData {
+   public:
+    static grpc_error_handle Init(grpc_call_element* elem,
+                                  const grpc_call_element_args* args);
+    static void Destroy(grpc_call_element* elem,
+                        const grpc_call_final_info* /* final_info */,
+                        grpc_closure* /* then_schedule_closure */);
+    static void StartTransportStreamOpBatch(grpc_call_element* elem,
+                                            grpc_transport_stream_op_batch* op);
+
+   private:
+    CallData(grpc_call_element* elem, const grpc_call_element_args& args);
+    static void RecvInitialMetadataReady(void* user_data,
+                                         grpc_error_handle error);
+
+    grpc_call_context_element* call_context_;
+    // State for keeping track of recv_initial_metadata
+    grpc_metadata_batch* recv_initial_metadata_ = nullptr;
+    grpc_closure* original_recv_initial_metadata_ready_ = nullptr;
+    grpc_closure recv_initial_metadata_ready_;
+  };
+
+  RbacFilter(size_t index,
+             EvaluateArgs::PerChannelArgs per_channel_evaluate_args);
+  static grpc_error_handle Init(grpc_channel_element* elem,
+                                grpc_channel_element_args* args);
+  static void Destroy(grpc_channel_element* elem);
+
+  // The index of this filter instance among instances of the same filter.
+  size_t index_;
+  // Per channel args used for authorization.
+  EvaluateArgs::PerChannelArgs per_channel_evaluate_args_;
+};
+
+}  // namespace grpc_core
+
+#endif  // GRPC_CORE_EXT_FILTERS_RBAC_RBAC_FILTER_H