grpc 1.50.0.pre1-x86_64-linux → 1.51.0-x86_64-linux


Potentially problematic release.



Files changed (464)
  1. checksums.yaml +4 -4
  2. data/Makefile +131 -42
  3. data/include/grpc/event_engine/event_engine.h +10 -3
  4. data/include/grpc/event_engine/slice_buffer.h +17 -0
  5. data/include/grpc/grpc.h +0 -10
  6. data/include/grpc/impl/codegen/grpc_types.h +1 -5
  7. data/include/grpc/impl/codegen/port_platform.h +0 -3
  8. data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +19 -13
  9. data/src/core/ext/filters/channel_idle/channel_idle_filter.h +1 -0
  10. data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
  11. data/src/core/ext/filters/client_channel/channel_connectivity.cc +7 -5
  12. data/src/core/ext/filters/client_channel/client_channel.cc +120 -140
  13. data/src/core/ext/filters/client_channel/client_channel.h +3 -4
  14. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +0 -2
  15. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +1 -1
  16. data/src/core/ext/filters/client_channel/client_channel_service_config.cc +153 -0
  17. data/src/core/ext/filters/client_channel/{resolver_result_parsing.h → client_channel_service_config.h} +26 -23
  18. data/src/core/ext/filters/client_channel/connector.h +1 -1
  19. data/src/core/ext/filters/client_channel/dynamic_filters.cc +20 -47
  20. data/src/core/ext/filters/client_channel/dynamic_filters.h +7 -8
  21. data/src/core/ext/filters/client_channel/health/health_check_client.cc +3 -4
  22. data/src/core/ext/filters/client_channel/http_proxy.cc +0 -1
  23. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +3 -4
  24. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +5 -0
  25. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +8 -7
  26. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +35 -44
  27. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -1
  28. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +1 -3
  29. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +3 -4
  30. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.h +1 -1
  31. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +41 -29
  32. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +2 -2
  33. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +9 -11
  34. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +15 -12
  35. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +8 -10
  36. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +26 -27
  37. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +7 -9
  38. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +44 -26
  39. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +17 -27
  40. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_attributes.cc +42 -0
  41. data/src/core/ext/filters/client_channel/lb_policy/xds/{xds.h → xds_attributes.h} +15 -17
  42. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +13 -7
  43. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +48 -47
  44. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -126
  45. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +364 -0
  46. data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +9 -9
  47. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +23 -32
  48. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +1 -2
  49. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +22 -23
  50. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +50 -52
  51. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
  52. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +2 -4
  53. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -3
  54. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +34 -26
  55. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +3 -4
  56. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -7
  57. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +63 -46
  58. data/src/core/ext/filters/client_channel/retry_filter.cc +80 -102
  59. data/src/core/ext/filters/client_channel/retry_service_config.cc +192 -234
  60. data/src/core/ext/filters/client_channel/retry_service_config.h +20 -23
  61. data/src/core/ext/filters/client_channel/retry_throttle.cc +8 -8
  62. data/src/core/ext/filters/client_channel/retry_throttle.h +8 -7
  63. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +2 -2
  64. data/src/core/ext/filters/client_channel/subchannel.cc +21 -25
  65. data/src/core/ext/filters/client_channel/subchannel.h +2 -2
  66. data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +11 -12
  67. data/src/core/ext/filters/deadline/deadline_filter.cc +13 -14
  68. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +1 -1
  69. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +0 -4
  70. data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.cc +118 -0
  71. data/src/core/ext/filters/fault_injection/{service_config_parser.h → fault_injection_service_config_parser.h} +20 -12
  72. data/src/core/ext/filters/http/client/http_client_filter.cc +16 -16
  73. data/src/core/ext/filters/http/client_authority_filter.cc +1 -1
  74. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +13 -13
  75. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +34 -34
  76. data/src/core/ext/filters/http/server/http_server_filter.cc +26 -25
  77. data/src/core/ext/filters/message_size/message_size_filter.cc +86 -117
  78. data/src/core/ext/filters/message_size/message_size_filter.h +22 -15
  79. data/src/core/ext/filters/rbac/rbac_filter.cc +12 -12
  80. data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +728 -530
  81. data/src/core/ext/filters/rbac/rbac_service_config_parser.h +4 -3
  82. data/src/core/ext/filters/server_config_selector/server_config_selector.h +1 -1
  83. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -7
  84. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +17 -21
  85. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +57 -72
  86. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +5 -5
  87. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -1
  88. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +212 -253
  89. data/src/core/ext/transport/chttp2/transport/flow_control.cc +42 -11
  90. data/src/core/ext/transport/chttp2/transport/flow_control.h +4 -3
  91. data/src/core/ext/transport/chttp2/transport/frame_data.cc +16 -15
  92. data/src/core/ext/transport/chttp2/transport/frame_data.h +1 -1
  93. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +13 -13
  94. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +4 -3
  95. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +10 -7
  96. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +15 -17
  97. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +5 -4
  98. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +5 -6
  99. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +1 -1
  100. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +2 -1
  101. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +31 -39
  102. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +7 -6
  103. data/src/core/ext/transport/chttp2/transport/internal.h +24 -8
  104. data/src/core/ext/transport/chttp2/transport/parsing.cc +51 -52
  105. data/src/core/ext/transport/chttp2/transport/varint.cc +2 -3
  106. data/src/core/ext/transport/chttp2/transport/varint.h +11 -8
  107. data/src/core/ext/transport/chttp2/transport/writing.cc +16 -16
  108. data/src/core/ext/transport/inproc/inproc_transport.cc +97 -115
  109. data/src/core/ext/xds/certificate_provider_store.cc +4 -4
  110. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +4 -7
  111. data/src/core/ext/xds/xds_api.cc +15 -68
  112. data/src/core/ext/xds/xds_api.h +3 -7
  113. data/src/core/ext/xds/xds_bootstrap.h +0 -1
  114. data/src/core/ext/xds/xds_bootstrap_grpc.cc +3 -12
  115. data/src/core/ext/xds/xds_bootstrap_grpc.h +16 -1
  116. data/src/core/ext/xds/xds_certificate_provider.cc +22 -25
  117. data/src/core/ext/xds/xds_channel_stack_modifier.cc +0 -1
  118. data/src/core/ext/xds/xds_client.cc +122 -90
  119. data/src/core/ext/xds/xds_client.h +7 -2
  120. data/src/core/ext/xds/xds_client_grpc.cc +5 -24
  121. data/src/core/ext/xds/xds_cluster.cc +291 -183
  122. data/src/core/ext/xds/xds_cluster.h +11 -15
  123. data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +32 -29
  124. data/src/core/ext/xds/xds_cluster_specifier_plugin.h +35 -16
  125. data/src/core/ext/xds/xds_common_types.cc +208 -141
  126. data/src/core/ext/xds/xds_common_types.h +19 -13
  127. data/src/core/ext/xds/xds_endpoint.cc +214 -129
  128. data/src/core/ext/xds/xds_endpoint.h +4 -7
  129. data/src/core/ext/xds/xds_http_fault_filter.cc +56 -43
  130. data/src/core/ext/xds/xds_http_fault_filter.h +13 -21
  131. data/src/core/ext/xds/xds_http_filters.cc +60 -73
  132. data/src/core/ext/xds/xds_http_filters.h +67 -19
  133. data/src/core/ext/xds/xds_http_rbac_filter.cc +152 -207
  134. data/src/core/ext/xds/xds_http_rbac_filter.h +12 -15
  135. data/src/core/ext/xds/xds_lb_policy_registry.cc +122 -169
  136. data/src/core/ext/xds/xds_lb_policy_registry.h +10 -11
  137. data/src/core/ext/xds/xds_listener.cc +459 -417
  138. data/src/core/ext/xds/xds_listener.h +43 -47
  139. data/src/core/ext/xds/xds_resource_type.h +3 -11
  140. data/src/core/ext/xds/xds_resource_type_impl.h +8 -13
  141. data/src/core/ext/xds/xds_route_config.cc +94 -80
  142. data/src/core/ext/xds/xds_route_config.h +10 -10
  143. data/src/core/ext/xds/xds_routing.cc +2 -1
  144. data/src/core/ext/xds/xds_routing.h +2 -0
  145. data/src/core/ext/xds/xds_server_config_fetcher.cc +109 -94
  146. data/src/core/ext/xds/xds_transport_grpc.cc +4 -5
  147. data/src/core/lib/address_utils/parse_address.cc +11 -10
  148. data/src/core/lib/channel/channel_args.h +16 -1
  149. data/src/core/lib/channel/channel_stack.cc +23 -20
  150. data/src/core/lib/channel/channel_stack.h +17 -4
  151. data/src/core/lib/channel/channel_stack_builder.cc +4 -7
  152. data/src/core/lib/channel/channel_stack_builder.h +14 -6
  153. data/src/core/lib/channel/channel_stack_builder_impl.cc +25 -7
  154. data/src/core/lib/channel/channel_stack_builder_impl.h +2 -0
  155. data/src/core/lib/channel/channel_trace.cc +4 -5
  156. data/src/core/lib/channel/channelz.cc +1 -1
  157. data/src/core/lib/channel/connected_channel.cc +695 -35
  158. data/src/core/lib/channel/connected_channel.h +0 -4
  159. data/src/core/lib/channel/promise_based_filter.cc +1004 -140
  160. data/src/core/lib/channel/promise_based_filter.h +364 -87
  161. data/src/core/lib/compression/message_compress.cc +5 -5
  162. data/src/core/lib/debug/event_log.cc +88 -0
  163. data/src/core/lib/debug/event_log.h +81 -0
  164. data/src/core/lib/debug/histogram_view.cc +69 -0
  165. data/src/core/lib/{slice/slice_refcount.cc → debug/histogram_view.h} +15 -13
  166. data/src/core/lib/debug/stats.cc +22 -119
  167. data/src/core/lib/debug/stats.h +29 -35
  168. data/src/core/lib/debug/stats_data.cc +224 -73
  169. data/src/core/lib/debug/stats_data.h +263 -122
  170. data/src/core/lib/event_engine/common_closures.h +71 -0
  171. data/src/core/lib/event_engine/default_event_engine.cc +38 -15
  172. data/src/core/lib/event_engine/default_event_engine.h +15 -3
  173. data/src/core/lib/event_engine/default_event_engine_factory.cc +2 -4
  174. data/src/core/lib/event_engine/memory_allocator.cc +1 -1
  175. data/src/core/lib/event_engine/poller.h +10 -4
  176. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +618 -0
  177. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +129 -0
  178. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +901 -0
  179. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.h +97 -0
  180. data/src/core/lib/event_engine/posix_engine/event_poller.h +111 -0
  181. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +74 -0
  182. data/src/core/lib/event_engine/{executor/threaded_executor.cc → posix_engine/event_poller_posix_default.h} +13 -16
  183. data/src/core/lib/event_engine/posix_engine/internal_errqueue.cc +77 -0
  184. data/src/core/lib/event_engine/posix_engine/internal_errqueue.h +179 -0
  185. data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +267 -0
  186. data/src/core/lib/event_engine/posix_engine/lockfree_event.h +73 -0
  187. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +1270 -0
  188. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +682 -0
  189. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +453 -18
  190. data/src/core/lib/event_engine/posix_engine/posix_engine.h +148 -24
  191. data/src/core/lib/event_engine/posix_engine/posix_engine_closure.h +80 -0
  192. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +1081 -0
  193. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +361 -0
  194. data/src/core/lib/event_engine/posix_engine/timer.h +9 -8
  195. data/src/core/lib/event_engine/posix_engine/timer_manager.cc +57 -194
  196. data/src/core/lib/event_engine/posix_engine/timer_manager.h +21 -49
  197. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +301 -0
  198. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.h +179 -0
  199. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.cc +126 -0
  200. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.h +45 -0
  201. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.cc +151 -0
  202. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.h +45 -0
  203. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix.h +76 -0
  204. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.cc +67 -0
  205. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.h +37 -0
  206. data/src/core/lib/event_engine/slice.cc +7 -6
  207. data/src/core/lib/event_engine/slice_buffer.cc +2 -2
  208. data/src/core/lib/event_engine/thread_pool.cc +106 -25
  209. data/src/core/lib/event_engine/thread_pool.h +32 -9
  210. data/src/core/lib/event_engine/windows/win_socket.cc +7 -7
  211. data/src/core/lib/event_engine/windows/windows_engine.cc +18 -12
  212. data/src/core/lib/event_engine/windows/windows_engine.h +8 -4
  213. data/src/core/lib/experiments/config.cc +1 -1
  214. data/src/core/lib/experiments/experiments.cc +13 -2
  215. data/src/core/lib/experiments/experiments.h +8 -1
  216. data/src/core/lib/gpr/cpu_linux.cc +6 -2
  217. data/src/core/lib/gpr/log_linux.cc +3 -4
  218. data/src/core/lib/gpr/string.h +1 -1
  219. data/src/core/lib/gpr/tmpfile_posix.cc +3 -2
  220. data/src/core/lib/gprpp/load_file.cc +75 -0
  221. data/src/core/lib/gprpp/load_file.h +33 -0
  222. data/src/core/lib/gprpp/per_cpu.h +46 -0
  223. data/src/core/lib/gprpp/stat_posix.cc +5 -4
  224. data/src/core/lib/gprpp/stat_windows.cc +3 -2
  225. data/src/core/lib/gprpp/status_helper.h +1 -3
  226. data/src/core/lib/gprpp/strerror.cc +41 -0
  227. data/src/core/{ext/xds/xds_resource_type.cc → lib/gprpp/strerror.h} +9 -13
  228. data/src/core/lib/gprpp/thd_windows.cc +1 -2
  229. data/src/core/lib/gprpp/time.cc +3 -4
  230. data/src/core/lib/gprpp/time.h +13 -2
  231. data/src/core/lib/gprpp/validation_errors.h +18 -1
  232. data/src/core/lib/http/httpcli.cc +40 -44
  233. data/src/core/lib/http/httpcli.h +6 -5
  234. data/src/core/lib/http/httpcli_security_connector.cc +4 -6
  235. data/src/core/lib/http/parser.cc +54 -65
  236. data/src/core/lib/iomgr/buffer_list.cc +105 -116
  237. data/src/core/lib/iomgr/buffer_list.h +60 -44
  238. data/src/core/lib/iomgr/call_combiner.cc +11 -10
  239. data/src/core/lib/iomgr/call_combiner.h +3 -4
  240. data/src/core/lib/iomgr/cfstream_handle.cc +13 -16
  241. data/src/core/lib/iomgr/closure.h +49 -5
  242. data/src/core/lib/iomgr/combiner.cc +2 -2
  243. data/src/core/lib/iomgr/endpoint.h +1 -1
  244. data/src/core/lib/iomgr/endpoint_cfstream.cc +26 -25
  245. data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -2
  246. data/src/core/lib/iomgr/error.cc +27 -42
  247. data/src/core/lib/iomgr/error.h +22 -152
  248. data/src/core/lib/iomgr/ev_apple.cc +4 -4
  249. data/src/core/lib/iomgr/ev_epoll1_linux.cc +26 -25
  250. data/src/core/lib/iomgr/ev_poll_posix.cc +27 -31
  251. data/src/core/lib/iomgr/exec_ctx.cc +3 -4
  252. data/src/core/lib/iomgr/exec_ctx.h +2 -3
  253. data/src/core/lib/iomgr/executor.cc +1 -2
  254. data/src/core/lib/iomgr/internal_errqueue.cc +3 -1
  255. data/src/core/lib/iomgr/iocp_windows.cc +1 -0
  256. data/src/core/lib/iomgr/iomgr_posix.cc +2 -2
  257. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +2 -1
  258. data/src/core/lib/iomgr/iomgr_windows.cc +2 -1
  259. data/src/core/lib/iomgr/load_file.cc +5 -9
  260. data/src/core/lib/iomgr/lockfree_event.cc +10 -10
  261. data/src/core/lib/iomgr/pollset_windows.cc +4 -4
  262. data/src/core/lib/iomgr/python_util.h +2 -2
  263. data/src/core/lib/iomgr/resolve_address.cc +8 -3
  264. data/src/core/lib/iomgr/resolve_address.h +3 -4
  265. data/src/core/lib/iomgr/resolve_address_impl.h +1 -1
  266. data/src/core/lib/iomgr/resolve_address_posix.cc +14 -25
  267. data/src/core/lib/iomgr/resolve_address_posix.h +1 -2
  268. data/src/core/lib/iomgr/resolve_address_windows.cc +14 -17
  269. data/src/core/lib/iomgr/resolve_address_windows.h +1 -2
  270. data/src/core/lib/iomgr/socket_utils_common_posix.cc +30 -29
  271. data/src/core/lib/iomgr/socket_utils_posix.cc +1 -0
  272. data/src/core/lib/iomgr/socket_utils_posix.h +2 -2
  273. data/src/core/lib/iomgr/socket_windows.cc +2 -2
  274. data/src/core/lib/iomgr/tcp_client_cfstream.cc +6 -10
  275. data/src/core/lib/iomgr/tcp_client_posix.cc +31 -35
  276. data/src/core/lib/iomgr/tcp_client_windows.cc +8 -12
  277. data/src/core/lib/iomgr/tcp_posix.cc +92 -108
  278. data/src/core/lib/iomgr/tcp_server_posix.cc +34 -34
  279. data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
  280. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +18 -21
  281. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +12 -13
  282. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +1 -1
  283. data/src/core/lib/iomgr/tcp_server_windows.cc +26 -29
  284. data/src/core/lib/iomgr/tcp_windows.cc +27 -34
  285. data/src/core/lib/iomgr/timer.h +8 -8
  286. data/src/core/lib/iomgr/timer_generic.cc +9 -15
  287. data/src/core/lib/iomgr/unix_sockets_posix.cc +2 -4
  288. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +4 -3
  289. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +10 -8
  290. data/src/core/lib/json/json_channel_args.h +42 -0
  291. data/src/core/lib/json/json_object_loader.cc +7 -2
  292. data/src/core/lib/json/json_object_loader.h +22 -0
  293. data/src/core/lib/json/json_util.cc +5 -5
  294. data/src/core/lib/json/json_util.h +4 -4
  295. data/src/core/lib/load_balancing/lb_policy.cc +1 -1
  296. data/src/core/lib/load_balancing/lb_policy.h +4 -0
  297. data/src/core/lib/load_balancing/subchannel_interface.h +0 -7
  298. data/src/core/lib/matchers/matchers.cc +3 -4
  299. data/src/core/lib/promise/activity.cc +16 -2
  300. data/src/core/lib/promise/activity.h +38 -15
  301. data/src/core/lib/promise/arena_promise.h +80 -51
  302. data/src/core/lib/promise/context.h +13 -6
  303. data/src/core/lib/promise/detail/basic_seq.h +9 -28
  304. data/src/core/lib/promise/detail/promise_factory.h +58 -10
  305. data/src/core/lib/promise/detail/status.h +28 -0
  306. data/src/core/lib/promise/detail/switch.h +1455 -0
  307. data/src/core/lib/promise/exec_ctx_wakeup_scheduler.h +3 -1
  308. data/src/core/lib/promise/for_each.h +129 -0
  309. data/src/core/lib/promise/loop.h +7 -5
  310. data/src/core/lib/promise/map_pipe.h +87 -0
  311. data/src/core/lib/promise/pipe.cc +19 -0
  312. data/src/core/lib/promise/pipe.h +505 -0
  313. data/src/core/lib/promise/poll.h +13 -0
  314. data/src/core/lib/promise/seq.h +3 -5
  315. data/src/core/lib/promise/sleep.cc +5 -4
  316. data/src/core/lib/promise/sleep.h +1 -2
  317. data/src/core/lib/promise/try_concurrently.h +341 -0
  318. data/src/core/lib/promise/try_seq.h +10 -13
  319. data/src/core/lib/resolver/server_address.cc +1 -0
  320. data/src/core/lib/resolver/server_address.h +1 -3
  321. data/src/core/lib/resource_quota/api.cc +0 -1
  322. data/src/core/lib/resource_quota/arena.cc +19 -0
  323. data/src/core/lib/resource_quota/arena.h +89 -0
  324. data/src/core/lib/resource_quota/memory_quota.cc +1 -0
  325. data/src/core/lib/security/authorization/grpc_authorization_engine.cc +1 -3
  326. data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +4 -2
  327. data/src/core/lib/security/authorization/matchers.cc +25 -22
  328. data/src/core/lib/security/authorization/rbac_policy.cc +2 -3
  329. data/src/core/lib/security/context/security_context.h +10 -0
  330. data/src/core/lib/security/credentials/channel_creds_registry_init.cc +3 -4
  331. data/src/core/lib/security/credentials/composite/composite_credentials.cc +1 -1
  332. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +77 -55
  333. data/src/core/lib/security/credentials/external/aws_request_signer.cc +4 -3
  334. data/src/core/lib/security/credentials/external/external_account_credentials.cc +40 -51
  335. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +17 -21
  336. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +21 -25
  337. data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -0
  338. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +27 -24
  339. data/src/core/lib/security/credentials/iam/iam_credentials.cc +1 -0
  340. data/src/core/lib/security/credentials/jwt/json_token.cc +1 -2
  341. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +1 -1
  342. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +5 -5
  343. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +24 -30
  344. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +6 -5
  345. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +3 -3
  346. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +19 -27
  347. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +4 -11
  348. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +29 -41
  349. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +1 -1
  350. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +6 -11
  351. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +8 -15
  352. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
  353. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +2 -6
  354. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +1 -4
  355. data/src/core/lib/security/security_connector/local/local_security_connector.cc +7 -11
  356. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +9 -14
  357. data/src/core/lib/security/security_connector/ssl_utils.cc +5 -7
  358. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +21 -27
  359. data/src/core/lib/security/transport/client_auth_filter.cc +1 -1
  360. data/src/core/lib/security/transport/secure_endpoint.cc +26 -28
  361. data/src/core/lib/security/transport/security_handshaker.cc +53 -53
  362. data/src/core/lib/security/transport/server_auth_filter.cc +21 -21
  363. data/src/core/lib/security/transport/tsi_error.cc +6 -3
  364. data/src/core/lib/security/util/json_util.cc +4 -5
  365. data/src/core/lib/service_config/service_config.h +1 -1
  366. data/src/core/lib/service_config/service_config_impl.cc +111 -158
  367. data/src/core/lib/service_config/service_config_impl.h +14 -17
  368. data/src/core/lib/service_config/service_config_parser.cc +14 -31
  369. data/src/core/lib/service_config/service_config_parser.h +14 -10
  370. data/src/core/lib/slice/b64.cc +2 -2
  371. data/src/core/lib/slice/slice.cc +7 -1
  372. data/src/core/lib/slice/slice.h +19 -6
  373. data/src/core/lib/slice/slice_buffer.cc +13 -14
  374. data/src/core/lib/slice/slice_internal.h +13 -21
  375. data/src/core/lib/slice/slice_refcount.h +34 -19
  376. data/src/core/lib/surface/byte_buffer.cc +3 -4
  377. data/src/core/lib/surface/byte_buffer_reader.cc +4 -4
  378. data/src/core/lib/surface/call.cc +1366 -239
  379. data/src/core/lib/surface/call.h +44 -0
  380. data/src/core/lib/surface/call_details.cc +3 -3
  381. data/src/core/lib/surface/call_trace.cc +113 -0
  382. data/src/core/lib/surface/call_trace.h +30 -0
  383. data/src/core/lib/surface/channel.cc +44 -49
  384. data/src/core/lib/surface/channel.h +9 -1
  385. data/src/core/lib/surface/channel_ping.cc +1 -1
  386. data/src/core/lib/surface/channel_stack_type.cc +4 -0
  387. data/src/core/lib/surface/channel_stack_type.h +2 -0
  388. data/src/core/lib/surface/completion_queue.cc +38 -52
  389. data/src/core/lib/surface/init.cc +8 -39
  390. data/src/core/lib/surface/init_internally.h +8 -0
  391. data/src/core/lib/surface/lame_client.cc +10 -8
  392. data/src/core/lib/surface/server.cc +48 -70
  393. data/src/core/lib/surface/server.h +3 -4
  394. data/src/core/lib/surface/validate_metadata.cc +11 -12
  395. data/src/core/lib/surface/version.cc +2 -2
  396. data/src/core/lib/transport/connectivity_state.cc +2 -2
  397. data/src/core/lib/transport/error_utils.cc +34 -28
  398. data/src/core/lib/transport/error_utils.h +3 -3
  399. data/src/core/lib/transport/handshaker.cc +14 -14
  400. data/src/core/lib/transport/handshaker.h +1 -1
  401. data/src/core/lib/transport/handshaker_factory.h +26 -0
  402. data/src/core/lib/transport/handshaker_registry.cc +8 -2
  403. data/src/core/lib/transport/handshaker_registry.h +3 -4
  404. data/src/core/lib/transport/http_connect_handshaker.cc +23 -24
  405. data/src/core/lib/transport/metadata_batch.h +17 -1
  406. data/src/core/lib/transport/parsed_metadata.cc +2 -6
  407. data/src/core/lib/transport/tcp_connect_handshaker.cc +15 -20
  408. data/src/core/lib/transport/transport.cc +63 -17
  409. data/src/core/lib/transport/transport.h +64 -68
  410. data/src/core/lib/transport/transport_impl.h +1 -1
  411. data/src/core/lib/transport/transport_op_string.cc +7 -6
  412. data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -10
  413. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -14
  414. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +10 -10
  415. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +8 -8
  416. data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +2 -1
  417. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +7 -7
  418. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +7 -6
  419. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +1 -1
  420. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +5 -5
  421. data/src/core/tsi/fake_transport_security.cc +3 -3
  422. data/src/core/tsi/ssl/key_logging/ssl_key_logging.cc +7 -3
  423. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
  424. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +6 -2
  425. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +0 -2
  426. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +0 -3
  427. data/src/ruby/lib/grpc/2.6/grpc_c.so +0 -0
  428. data/src/ruby/lib/grpc/2.7/grpc_c.so +0 -0
  429. data/src/ruby/lib/grpc/3.0/grpc_c.so +0 -0
  430. data/src/ruby/lib/grpc/3.1/grpc_c.so +0 -0
  431. data/src/ruby/lib/grpc/grpc_c.so +0 -0
  432. data/src/ruby/lib/grpc/version.rb +1 -1
  433. data/src/ruby/spec/channel_spec.rb +0 -43
  434. data/src/ruby/spec/generic/active_call_spec.rb +12 -3
  435. data/third_party/abseil-cpp/absl/cleanup/cleanup.h +140 -0
  436. data/third_party/abseil-cpp/absl/cleanup/internal/cleanup.h +100 -0
  437. data/third_party/zlib/compress.c +3 -3
  438. data/third_party/zlib/crc32.c +21 -12
  439. data/third_party/zlib/deflate.c +112 -106
  440. data/third_party/zlib/deflate.h +2 -2
  441. data/third_party/zlib/gzlib.c +1 -1
  442. data/third_party/zlib/gzread.c +3 -5
  443. data/third_party/zlib/gzwrite.c +1 -1
  444. data/third_party/zlib/infback.c +10 -7
  445. data/third_party/zlib/inflate.c +5 -2
  446. data/third_party/zlib/inftrees.c +2 -2
  447. data/third_party/zlib/inftrees.h +1 -1
  448. data/third_party/zlib/trees.c +61 -62
  449. data/third_party/zlib/uncompr.c +2 -2
  450. data/third_party/zlib/zconf.h +16 -3
  451. data/third_party/zlib/zlib.h +10 -10
  452. data/third_party/zlib/zutil.c +9 -7
  453. data/third_party/zlib/zutil.h +1 -0
  454. metadata +57 -20
  455. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +0 -188
  456. data/src/core/ext/filters/fault_injection/service_config_parser.cc +0 -187
  457. data/src/core/lib/event_engine/executor/threaded_executor.h +0 -44
  458. data/src/core/lib/gpr/murmur_hash.cc +0 -82
  459. data/src/core/lib/gpr/murmur_hash.h +0 -29
  460. data/src/core/lib/gpr/tls.h +0 -156
  461. data/src/core/lib/promise/call_push_pull.h +0 -148
  462. data/src/core/lib/slice/slice_api.cc +0 -39
  463. data/src/core/lib/slice/slice_buffer_api.cc +0 -35
  464. data/src/core/lib/slice/slice_refcount_base.h +0 -60
@@ -18,599 +18,797 @@
18
18
 
19
19
  #include "src/core/ext/filters/rbac/rbac_service_config_parser.h"
20
20
 
21
- #include <stdint.h>
22
-
21
+ #include <cstdint>
23
22
  #include <map>
24
23
  #include <string>
25
24
 
26
- #include "absl/memory/memory.h"
27
25
  #include "absl/status/status.h"
28
26
  #include "absl/status/statusor.h"
29
- #include "absl/strings/str_cat.h"
30
- #include "absl/strings/str_format.h"
31
27
  #include "absl/types/optional.h"
32
28
 
33
29
  #include "src/core/lib/channel/channel_args.h"
34
- #include "src/core/lib/iomgr/error.h"
35
- #include "src/core/lib/json/json_util.h"
30
+ #include "src/core/lib/json/json_args.h"
31
+ #include "src/core/lib/json/json_object_loader.h"
36
32
  #include "src/core/lib/matchers/matchers.h"
37
- #include "src/core/lib/transport/error_utils.h"
38
33
 
39
34
  namespace grpc_core {
40
35
 
41
36
  namespace {
42
37
 
43
- std::string ParseRegexMatcher(const Json::Object& regex_matcher_json,
44
- std::vector<grpc_error_handle>* error_list) {
45
- std::string regex;
46
- ParseJsonObjectField(regex_matcher_json, "regex", &regex, error_list);
47
- return regex;
38
+ // RbacConfig: one or more RbacPolicy structs
39
+ struct RbacConfig {
40
+ // RbacPolicy: optional Rules
41
+ struct RbacPolicy {
42
+ // Rules: an action, plus a map of policy names to Policy structs
43
+ struct Rules {
44
+ // Policy: a list of Permissions and a list of Principals
45
+ struct Policy {
46
+ // CidrRange: represents an IP range
47
+ struct CidrRange {
48
+ Rbac::CidrRange cidr_range;
49
+
50
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
51
+ void JsonPostLoad(const Json& json, const JsonArgs& args,
52
+ ValidationErrors* errors);
53
+ };
54
+
55
+ // SafeRegexMatch: a regex matcher
56
+ struct SafeRegexMatch {
57
+ std::string regex;
58
+
59
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
60
+ };
61
+
62
+ // HeaderMatch: a matcher for HTTP headers
63
+ struct HeaderMatch {
64
+ // RangeMatch: matches a range of numerical values
65
+ struct RangeMatch {
66
+ int64_t start;
67
+ int64_t end;
68
+
69
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
70
+ };
71
+
72
+ HeaderMatcher matcher;
73
+
74
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
75
+ void JsonPostLoad(const Json& json, const JsonArgs& args,
76
+ ValidationErrors* errors);
77
+ };
78
+
79
+ // StringMatch: a matcher for strings
80
+ struct StringMatch {
81
+ StringMatcher matcher;
82
+
83
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
84
+ void JsonPostLoad(const Json& json, const JsonArgs& args,
85
+ ValidationErrors* errors);
86
+ };
87
+
88
+ // PathMatch: a matcher for paths
89
+ struct PathMatch {
90
+ StringMatch path;
91
+
92
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
93
+ };
94
+
95
+ // Metadata: a matcher for Envoy metadata (not really applicable
96
+ // to gRPC; we use only the invert field for proper match semantics)
97
+ struct Metadata {
98
+ bool invert = false;
99
+
100
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
101
+ };
102
+
103
+ // Permission: a matcher for request attributes
104
+ struct Permission {
105
+ // PermissionList: a list used for "and" and "or" matchers
106
+ struct PermissionList {
107
+ std::vector<Permission> rules;
108
+
109
+ PermissionList() = default;
110
+ PermissionList(const PermissionList&) = delete;
111
+ PermissionList& operator=(const PermissionList&) = delete;
112
+ PermissionList(PermissionList&&) = default;
113
+ PermissionList& operator=(PermissionList&&) = default;
114
+
115
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
116
+ };
117
+
118
+ std::unique_ptr<Rbac::Permission> permission;
119
+
120
+ Permission() = default;
121
+ Permission(const Permission&) = delete;
122
+ Permission& operator=(const Permission&) = delete;
123
+ Permission(Permission&&) = default;
124
+ Permission& operator=(Permission&&) = default;
125
+
126
+ static std::vector<std::unique_ptr<Rbac::Permission>>
127
+ MakeRbacPermissionList(std::vector<Permission> permission_list);
128
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
129
+ void JsonPostLoad(const Json& json, const JsonArgs& args,
130
+ ValidationErrors* errors);
131
+ };
132
+
133
+ // Principal: a matcher for client identity
134
+ struct Principal {
135
+ // PrincipalList: a list used for "and" and "or" matchers
136
+ struct PrincipalList {
137
+ std::vector<Principal> ids;
138
+
139
+ PrincipalList() = default;
140
+ PrincipalList(const PrincipalList&) = delete;
141
+ PrincipalList& operator=(const PrincipalList&) = delete;
142
+ PrincipalList(PrincipalList&&) = default;
143
+ PrincipalList& operator=(PrincipalList&&) = default;
144
+
145
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
146
+ };
147
+
148
+ struct Authenticated {
149
+ absl::optional<StringMatch> principal_name;
150
+
151
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
152
+ };
153
+
154
+ std::unique_ptr<Rbac::Principal> principal;
155
+
156
+ Principal() = default;
157
+ Principal(const Principal&) = delete;
158
+ Principal& operator=(const Principal&) = delete;
159
+ Principal(Principal&&) = default;
160
+ Principal& operator=(Principal&&) = default;
161
+
162
+ static std::vector<std::unique_ptr<Rbac::Principal>>
163
+ MakeRbacPrincipalList(std::vector<Principal> principal_list);
164
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
165
+ void JsonPostLoad(const Json& json, const JsonArgs& args,
166
+ ValidationErrors* errors);
167
+ };
168
+
169
+ std::vector<Permission> permissions;
170
+ std::vector<Principal> principals;
171
+
172
+ Policy() = default;
173
+ Policy(const Policy&) = delete;
174
+ Policy& operator=(const Policy&) = delete;
175
+ Policy(Policy&&) = default;
176
+ Policy& operator=(Policy&&) = default;
177
+
178
+ Rbac::Policy TakeAsRbacPolicy();
179
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
180
+ };
181
+
182
+ int action;
183
+ std::map<std::string, Policy> policies;
184
+
185
+ Rules() = default;
186
+ Rules(const Rules&) = delete;
187
+ Rules& operator=(const Rules&) = delete;
188
+ Rules(Rules&&) = default;
189
+ Rules& operator=(Rules&&) = default;
190
+
191
+ Rbac TakeAsRbac();
192
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
193
+ void JsonPostLoad(const Json&, const JsonArgs&, ValidationErrors* errors);
194
+ };
195
+
196
+ absl::optional<Rules> rules;
197
+
198
+ Rbac TakeAsRbac();
199
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
200
+ };
201
+
202
+ std::vector<RbacPolicy> rbac_policies;
203
+
204
+ std::vector<Rbac> TakeAsRbacList();
205
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
206
+ };
207
+
208
+ //
209
+ // RbacConfig::RbacPolicy::Rules::Policy::CidrRange
210
+ //
211
+
212
+ const JsonLoaderInterface*
213
+ RbacConfig::RbacPolicy::Rules::Policy::CidrRange::JsonLoader(const JsonArgs&) {
214
+ // All fields handled in JsonPostLoad().
215
+ static const auto* loader = JsonObjectLoader<CidrRange>().Finish();
216
+ return loader;
48
217
  }
49
218
 
50
- absl::StatusOr<HeaderMatcher> ParseHeaderMatcher(
51
- const Json::Object& header_matcher_json,
52
- std::vector<grpc_error_handle>* error_list) {
53
- std::string name;
54
- ParseJsonObjectField(header_matcher_json, "name", &name, error_list);
55
- std::string match;
56
- HeaderMatcher::Type type = HeaderMatcher::Type();
57
- const Json::Object* inner_json;
58
- int64_t start = 0;
59
- int64_t end = 0;
60
- bool present_match = false;
61
- bool invert_match = false;
62
- ParseJsonObjectField(header_matcher_json, "invertMatch", &invert_match,
63
- error_list, /*required=*/false);
64
- if (ParseJsonObjectField(header_matcher_json, "exactMatch", &match,
65
- error_list, /*required=*/false)) {
66
- type = HeaderMatcher::Type::kExact;
67
- } else if (ParseJsonObjectField(header_matcher_json, "safeRegexMatch",
68
- &inner_json, error_list,
69
- /*required=*/false)) {
70
- type = HeaderMatcher::Type::kSafeRegex;
71
- std::vector<grpc_error_handle> safe_regex_matcher_error_list;
72
- match = ParseRegexMatcher(*inner_json, &safe_regex_matcher_error_list);
73
- if (!safe_regex_matcher_error_list.empty()) {
74
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
75
- "safeRegexMatch", &safe_regex_matcher_error_list));
76
- }
77
- } else if (ParseJsonObjectField(header_matcher_json, "rangeMatch",
78
- &inner_json, error_list,
79
- /*required=*/false)) {
80
- type = HeaderMatcher::Type::kRange;
81
- std::vector<grpc_error_handle> range_error_list;
82
- ParseJsonObjectField(*inner_json, "start", &start, &range_error_list);
83
- ParseJsonObjectField(*inner_json, "end", &end, &range_error_list);
84
- if (!range_error_list.empty()) {
85
- error_list->push_back(
86
- GRPC_ERROR_CREATE_FROM_VECTOR("rangeMatch", &range_error_list));
87
- }
88
- } else if (ParseJsonObjectField(header_matcher_json, "presentMatch",
89
- &present_match, error_list,
90
- /*required=*/false)) {
91
- type = HeaderMatcher::Type::kPresent;
92
- } else if (ParseJsonObjectField(header_matcher_json, "prefixMatch", &match,
93
- error_list, /*required=*/false)) {
94
- type = HeaderMatcher::Type::kPrefix;
95
- } else if (ParseJsonObjectField(header_matcher_json, "suffixMatch", &match,
96
- error_list, /*required=*/false)) {
97
- type = HeaderMatcher::Type::kSuffix;
98
- } else if (ParseJsonObjectField(header_matcher_json, "containsMatch", &match,
99
- error_list, /*required=*/false)) {
100
- type = HeaderMatcher::Type::kContains;
101
- } else {
102
- return absl::InvalidArgumentError("No valid matcher found");
103
- }
104
- return HeaderMatcher::Create(name, type, match, start, end, present_match,
105
- invert_match);
219
+ void RbacConfig::RbacPolicy::Rules::Policy::CidrRange::JsonPostLoad(
220
+ const Json& json, const JsonArgs& args, ValidationErrors* errors) {
221
+ auto address_prefix = LoadJsonObjectField<std::string>(
222
+ json.object_value(), args, "addressPrefix", errors);
223
+ auto prefix_len = LoadJsonObjectField<uint32_t>(json.object_value(), args,
224
+ "prefixLen", errors,
225
+ /*required=*/false);
226
+ cidr_range =
227
+ Rbac::CidrRange(address_prefix.value_or(""), prefix_len.value_or(0));
106
228
  }
107
229
 
108
- absl::StatusOr<StringMatcher> ParseStringMatcher(
109
- const Json::Object& string_matcher_json,
110
- std::vector<grpc_error_handle>* error_list) {
111
- std::string match;
112
- StringMatcher::Type type = StringMatcher::Type();
113
- const Json::Object* inner_json;
114
- bool ignore_case = false;
115
- ParseJsonObjectField(string_matcher_json, "ignoreCase", &ignore_case,
116
- error_list, /*required=*/false);
117
- if (ParseJsonObjectField(string_matcher_json, "exact", &match, error_list,
118
- /*required=*/false)) {
119
- type = StringMatcher::Type::kExact;
120
- } else if (ParseJsonObjectField(string_matcher_json, "prefix", &match,
121
- error_list, /*required=*/false)) {
122
- type = StringMatcher::Type::kPrefix;
123
- } else if (ParseJsonObjectField(string_matcher_json, "suffix", &match,
124
- error_list, /*required=*/false)) {
125
- type = StringMatcher::Type::kSuffix;
126
- } else if (ParseJsonObjectField(string_matcher_json, "safeRegex", &inner_json,
127
- error_list, /*required=*/false)) {
128
- type = StringMatcher::Type::kSafeRegex;
129
- std::vector<grpc_error_handle> safe_regex_matcher_error_list;
130
- match = ParseRegexMatcher(*inner_json, &safe_regex_matcher_error_list);
131
- if (!safe_regex_matcher_error_list.empty()) {
132
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
133
- "safeRegex", &safe_regex_matcher_error_list));
134
- }
135
- } else if (ParseJsonObjectField(string_matcher_json, "contains", &match,
136
- error_list, /*required=*/false)) {
137
- type = StringMatcher::Type::kContains;
138
- } else {
139
- return absl::InvalidArgumentError("No valid matcher found");
140
- }
141
- return StringMatcher::Create(type, match, ignore_case);
230
+ //
231
+ // RbacConfig::RbacPolicy::Rules::Policy::SafeRegexMatch
232
+ //
233
+
234
+ const JsonLoaderInterface*
235
+ RbacConfig::RbacPolicy::Rules::Policy::SafeRegexMatch::JsonLoader(
236
+ const JsonArgs&) {
237
+ static const auto* loader = JsonObjectLoader<SafeRegexMatch>()
238
+ .Field("regex", &SafeRegexMatch::regex)
239
+ .Finish();
240
+ return loader;
142
241
  }
143
242
 
144
- absl::StatusOr<StringMatcher> ParsePathMatcher(
145
- const Json::Object& path_matcher_json,
146
- std::vector<grpc_error_handle>* error_list) {
147
- const Json::Object* string_matcher_json;
148
- if (ParseJsonObjectField(path_matcher_json, "path", &string_matcher_json,
149
- error_list)) {
150
- std::vector<grpc_error_handle> sub_error_list;
151
- auto matcher = ParseStringMatcher(*string_matcher_json, &sub_error_list);
152
- if (!sub_error_list.empty()) {
153
- error_list->push_back(
154
- GRPC_ERROR_CREATE_FROM_VECTOR("path", &sub_error_list));
155
- }
156
- return matcher;
157
- }
158
- return absl::InvalidArgumentError("No path found");
243
+ //
244
+ // RbacConfig::RbacPolicy::Rules::Policy::HeaderMatch::RangeMatch
245
+ //
246
+
247
+ const JsonLoaderInterface*
248
+ RbacConfig::RbacPolicy::Rules::Policy::HeaderMatch::RangeMatch::JsonLoader(
249
+ const JsonArgs&) {
250
+ static const auto* loader = JsonObjectLoader<RangeMatch>()
251
+ .Field("start", &RangeMatch::start)
252
+ .Field("end", &RangeMatch::end)
253
+ .Finish();
254
+ return loader;
159
255
  }
160
256
 
161
- Rbac::CidrRange ParseCidrRange(const Json::Object& cidr_range_json,
162
- std::vector<grpc_error_handle>* error_list) {
163
- std::string address_prefix;
164
- ParseJsonObjectField(cidr_range_json, "addressPrefix", &address_prefix,
165
- error_list);
166
- const Json::Object* uint32_json;
167
- uint32_t prefix_len = 0; // default value
168
- if (ParseJsonObjectField(cidr_range_json, "prefixLen", &uint32_json,
169
- error_list, /*required=*/false)) {
170
- std::vector<grpc_error_handle> sub_error_list;
171
- ParseJsonObjectField(*uint32_json, "value", &prefix_len, &sub_error_list);
172
- if (!sub_error_list.empty()) {
173
- error_list->push_back(
174
- GRPC_ERROR_CREATE_FROM_VECTOR("prefixLen", &sub_error_list));
175
- }
176
- }
177
- return Rbac::CidrRange(std::move(address_prefix), prefix_len);
257
+ //
258
+ // RbacConfig::RbacPolicy::Rules::Policy::HeaderMatch
259
+ //
260
+
261
+ const JsonLoaderInterface*
262
+ RbacConfig::RbacPolicy::Rules::Policy::HeaderMatch::JsonLoader(
263
+ const JsonArgs&) {
264
+ // All fields handled in JsonPostLoad().
265
+ static const auto* loader = JsonObjectLoader<HeaderMatch>().Finish();
266
+ return loader;
178
267
  }
179
268
 
180
- Rbac::Permission ParsePermission(const Json::Object& permission_json,
181
- std::vector<grpc_error_handle>* error_list) {
182
- auto parse_permission_set = [](const Json::Object& permission_set_json,
183
- std::vector<grpc_error_handle>* error_list) {
184
- const Json::Array* rules_json;
185
- std::vector<std::unique_ptr<Rbac::Permission>> permissions;
186
- if (ParseJsonObjectField(permission_set_json, "rules", &rules_json,
187
- error_list)) {
188
- for (size_t i = 0; i < rules_json->size(); ++i) {
189
- const Json::Object* permission_json;
190
- if (!ExtractJsonType((*rules_json)[i],
191
- absl::StrFormat("rules[%d]", i).c_str(),
192
- &permission_json, error_list)) {
193
- continue;
194
- }
195
- std::vector<grpc_error_handle> permission_error_list;
196
- permissions.emplace_back(absl::make_unique<Rbac::Permission>(
197
- ParsePermission(*permission_json, &permission_error_list)));
198
- if (!permission_error_list.empty()) {
199
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
200
- absl::StrFormat("rules[%d]", i), &permission_error_list));
201
- }
202
- }
203
- }
204
- return permissions;
205
- };
206
- Rbac::Permission permission;
207
- const Json::Object* inner_json;
208
- bool any;
209
- int port;
210
- if (ParseJsonObjectField(permission_json, "andRules", &inner_json, error_list,
211
- /*required=*/false)) {
212
- std::vector<grpc_error_handle> and_rules_error_list;
213
- permission = Rbac::Permission::MakeAndPermission(
214
- parse_permission_set(*inner_json, &and_rules_error_list));
215
- if (!and_rules_error_list.empty()) {
216
- error_list->push_back(
217
- GRPC_ERROR_CREATE_FROM_VECTOR("andRules", &and_rules_error_list));
218
- }
219
- } else if (ParseJsonObjectField(permission_json, "orRules", &inner_json,
220
- error_list, /*required=*/false)) {
221
- std::vector<grpc_error_handle> or_rules_error_list;
222
- permission = Rbac::Permission::MakeOrPermission(
223
- parse_permission_set(*inner_json, &or_rules_error_list));
224
- if (!or_rules_error_list.empty()) {
225
- error_list->push_back(
226
- GRPC_ERROR_CREATE_FROM_VECTOR("orRules", &or_rules_error_list));
227
- }
228
- } else if (ParseJsonObjectField(permission_json, "any", &any, error_list,
229
- /*required=*/false) &&
230
- any) {
231
- permission = Rbac::Permission::MakeAnyPermission();
232
- } else if (ParseJsonObjectField(permission_json, "header", &inner_json,
233
- error_list,
234
- /*required=*/false)) {
235
- std::vector<grpc_error_handle> header_error_list;
236
- auto matcher = ParseHeaderMatcher(*inner_json, &header_error_list);
237
- if (matcher.ok()) {
238
- permission = Rbac::Permission::MakeHeaderPermission(*matcher);
269
+ void RbacConfig::RbacPolicy::Rules::Policy::HeaderMatch::JsonPostLoad(
270
+ const Json& json, const JsonArgs& args, ValidationErrors* errors) {
271
+ const size_t original_error_size = errors->size();
272
+ std::string name = LoadJsonObjectField<std::string>(json.object_value(), args,
273
+ "name", errors)
274
+ .value_or("");
275
+ bool invert_match = LoadJsonObjectField<bool>(json.object_value(), args,
276
+ "invertMatch", errors,
277
+ /*required=*/false)
278
+ .value_or(false);
279
+ auto set_header_matcher = [&](absl::StatusOr<HeaderMatcher> header_matcher) {
280
+ if (header_matcher.ok()) {
281
+ matcher = *header_matcher;
239
282
  } else {
240
- header_error_list.push_back(absl_status_to_grpc_error(matcher.status()));
241
- }
242
- if (!header_error_list.empty()) {
243
- error_list->push_back(
244
- GRPC_ERROR_CREATE_FROM_VECTOR("header", &header_error_list));
245
- }
246
- } else if (ParseJsonObjectField(permission_json, "urlPath", &inner_json,
247
- error_list,
248
- /*required=*/false)) {
249
- std::vector<grpc_error_handle> url_path_error_list;
250
- auto matcher = ParsePathMatcher(*inner_json, &url_path_error_list);
251
- if (matcher.ok()) {
252
- permission = Rbac::Permission::MakePathPermission(*matcher);
253
- } else {
254
- url_path_error_list.push_back(
255
- absl_status_to_grpc_error(matcher.status()));
256
- }
257
- if (!url_path_error_list.empty()) {
258
- error_list->push_back(
259
- GRPC_ERROR_CREATE_FROM_VECTOR("urlPath", &url_path_error_list));
283
+ errors->AddError(header_matcher.status().message());
260
284
  }
261
- } else if (ParseJsonObjectField(permission_json, "destinationIp", &inner_json,
262
- error_list, /*required=*/false)) {
263
- std::vector<grpc_error_handle> destination_ip_error_list;
264
- permission = Rbac::Permission::MakeDestIpPermission(
265
- ParseCidrRange(*inner_json, &destination_ip_error_list));
266
- if (!destination_ip_error_list.empty()) {
267
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
268
- "destinationIp", &destination_ip_error_list));
269
- }
270
- } else if (ParseJsonObjectField(permission_json, "destinationPort", &port,
271
- error_list, /*required=*/false)) {
272
- permission = Rbac::Permission::MakeDestPortPermission(port);
273
- } else if (ParseJsonObjectField(permission_json, "metadata", &inner_json,
274
- error_list, /*required=*/false)) {
275
- std::vector<grpc_error_handle> metadata_error_list;
276
- bool invert = false;
277
- ParseJsonObjectField(*inner_json, "invert", &invert, &metadata_error_list,
278
- /*required=*/false);
279
- if (metadata_error_list.empty()) {
280
- permission = Rbac::Permission::MakeMetadataPermission(invert);
281
- } else {
282
- error_list->push_back(
283
- GRPC_ERROR_CREATE_FROM_VECTOR("metadata", &metadata_error_list));
284
- }
285
- } else if (ParseJsonObjectField(permission_json, "notRule", &inner_json,
286
- error_list, /*required=*/false)) {
287
- std::vector<grpc_error_handle> not_rule_error_list;
288
- permission = Rbac::Permission::MakeNotPermission(
289
- ParsePermission(*inner_json, &not_rule_error_list));
290
- if (!not_rule_error_list.empty()) {
291
- error_list->push_back(
292
- GRPC_ERROR_CREATE_FROM_VECTOR("notRule", &not_rule_error_list));
293
- }
294
- } else if (ParseJsonObjectField(permission_json, "requestedServerName",
295
- &inner_json, error_list,
296
- /*required=*/false)) {
297
- std::vector<grpc_error_handle> req_server_name_error_list;
298
- auto matcher = ParseStringMatcher(*inner_json, &req_server_name_error_list);
299
- if (matcher.ok()) {
300
- permission = Rbac::Permission::MakeReqServerNamePermission(*matcher);
301
- } else {
302
- req_server_name_error_list.push_back(
303
- absl_status_to_grpc_error(matcher.status()));
304
- }
305
- if (!req_server_name_error_list.empty()) {
306
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
307
- "requestedServerName", &req_server_name_error_list));
308
- }
309
- } else {
310
- error_list->push_back(
311
- GRPC_ERROR_CREATE_FROM_STATIC_STRING("No valid rule found"));
285
+ };
286
+ auto check_match = [&](absl::string_view field_name,
287
+ HeaderMatcher::Type type) {
288
+ auto match = LoadJsonObjectField<std::string>(json.object_value(), args,
289
+ field_name, errors,
290
+ /*required=*/false);
291
+ if (match.has_value()) {
292
+ set_header_matcher(
293
+ HeaderMatcher::Create(name, type, *match, 0, 0, false, invert_match));
294
+ return true;
295
+ }
296
+ return false;
297
+ };
298
+ if (check_match("exactMatch", HeaderMatcher::Type::kExact) ||
299
+ check_match("prefixMatch", HeaderMatcher::Type::kPrefix) ||
300
+ check_match("suffixMatch", HeaderMatcher::Type::kSuffix) ||
301
+ check_match("containsMatch", HeaderMatcher::Type::kContains)) {
302
+ return;
303
+ }
304
+ auto present_match = LoadJsonObjectField<bool>(json.object_value(), args,
305
+ "presentMatch", errors,
306
+ /*required=*/false);
307
+ if (present_match.has_value()) {
308
+ set_header_matcher(
309
+ HeaderMatcher::Create(name, HeaderMatcher::Type::kPresent, "", 0, 0,
310
+ *present_match, invert_match));
311
+ return;
312
+ }
313
+ auto regex_match = LoadJsonObjectField<SafeRegexMatch>(
314
+ json.object_value(), args, "safeRegexMatch", errors,
315
+ /*required=*/false);
316
+ if (regex_match.has_value()) {
317
+ set_header_matcher(
318
+ HeaderMatcher::Create(name, HeaderMatcher::Type::kSafeRegex,
319
+ regex_match->regex, 0, 0, false, invert_match));
320
+ return;
321
+ }
322
+ auto range_match = LoadJsonObjectField<RangeMatch>(json.object_value(), args,
323
+ "rangeMatch", errors,
324
+ /*required=*/false);
325
+ if (range_match.has_value()) {
326
+ set_header_matcher(HeaderMatcher::Create(name, HeaderMatcher::Type::kRange,
327
+ "", range_match->start,
328
+ range_match->end, invert_match));
329
+ return;
330
+ }
331
+ if (errors->size() == original_error_size) {
332
+ errors->AddError("no valid matcher found");
312
333
  }
313
- return permission;
314
334
  }
315
335
 
316
- Rbac::Principal ParsePrincipal(const Json::Object& principal_json,
317
- std::vector<grpc_error_handle>* error_list) {
318
- auto parse_principal_set = [](const Json::Object& principal_set_json,
319
- std::vector<grpc_error_handle>* error_list) {
320
- const Json::Array* rules_json;
321
- std::vector<std::unique_ptr<Rbac::Principal>> principals;
322
- if (ParseJsonObjectField(principal_set_json, "ids", &rules_json,
323
- error_list)) {
324
- for (size_t i = 0; i < rules_json->size(); ++i) {
325
- const Json::Object* principal_json;
326
- if (!ExtractJsonType((*rules_json)[i],
327
- absl::StrFormat("ids[%d]", i).c_str(),
328
- &principal_json, error_list)) {
329
- continue;
330
- }
331
- std::vector<grpc_error_handle> principal_error_list;
332
- principals.emplace_back(absl::make_unique<Rbac::Principal>(
333
- ParsePrincipal(*principal_json, &principal_error_list)));
334
- if (!principal_error_list.empty()) {
335
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
336
- absl::StrFormat("ids[%d]", i), &principal_error_list));
337
- }
338
- }
339
- }
340
- return principals;
341
- };
342
- Rbac::Principal principal;
343
- const Json::Object* inner_json;
344
- bool any;
345
- if (ParseJsonObjectField(principal_json, "andIds", &inner_json, error_list,
346
- /*required=*/false)) {
347
- std::vector<grpc_error_handle> and_rules_error_list;
348
- principal = Rbac::Principal::MakeAndPrincipal(
349
- parse_principal_set(*inner_json, &and_rules_error_list));
350
- if (!and_rules_error_list.empty()) {
351
- error_list->push_back(
352
- GRPC_ERROR_CREATE_FROM_VECTOR("andIds", &and_rules_error_list));
353
- }
354
- } else if (ParseJsonObjectField(principal_json, "orIds", &inner_json,
355
- error_list, /*required=*/false)) {
356
- std::vector<grpc_error_handle> or_rules_error_list;
357
- principal = Rbac::Principal::MakeOrPrincipal(
358
- parse_principal_set(*inner_json, &or_rules_error_list));
359
- if (!or_rules_error_list.empty()) {
360
- error_list->push_back(
361
- GRPC_ERROR_CREATE_FROM_VECTOR("orIds", &or_rules_error_list));
362
- }
363
- } else if (ParseJsonObjectField(principal_json, "any", &any, error_list,
364
- /*required=*/false) &&
365
- any) {
366
- principal = Rbac::Principal::MakeAnyPrincipal();
367
- } else if (ParseJsonObjectField(principal_json, "authenticated", &inner_json,
368
- error_list, /*required=*/false)) {
369
- std::vector<grpc_error_handle> authenticated_error_list;
370
- const Json::Object* principal_name_json;
371
- if (ParseJsonObjectField(*inner_json, "principalName", &principal_name_json,
372
- &authenticated_error_list, /*required=*/false)) {
373
- std::vector<grpc_error_handle> principal_name_error_list;
374
- auto matcher =
375
- ParseStringMatcher(*principal_name_json, &principal_name_error_list);
376
- if (matcher.ok()) {
377
- principal = Rbac::Principal::MakeAuthenticatedPrincipal(*matcher);
378
- } else {
379
- principal_name_error_list.push_back(
380
- absl_status_to_grpc_error(matcher.status()));
381
- }
382
- if (!principal_name_error_list.empty()) {
383
- authenticated_error_list.push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
384
- "principalName", &principal_name_error_list));
385
- }
386
- } else if (authenticated_error_list.empty()) {
387
- // No principalName found. Match for all users.
388
- principal = Rbac::Principal::MakeAnyPrincipal();
389
- } else {
390
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
391
- "authenticated", &authenticated_error_list));
392
- }
393
- } else if (ParseJsonObjectField(principal_json, "sourceIp", &inner_json,
394
- error_list, /*required=*/false)) {
395
- std::vector<grpc_error_handle> source_ip_error_list;
396
- principal = Rbac::Principal::MakeSourceIpPrincipal(
397
- ParseCidrRange(*inner_json, &source_ip_error_list));
398
- if (!source_ip_error_list.empty()) {
399
- error_list->push_back(
400
- GRPC_ERROR_CREATE_FROM_VECTOR("sourceIp", &source_ip_error_list));
401
- }
402
- } else if (ParseJsonObjectField(principal_json, "directRemoteIp", &inner_json,
403
- error_list, /*required=*/false)) {
404
- std::vector<grpc_error_handle> direct_remote_ip_error_list;
405
- principal = Rbac::Principal::MakeDirectRemoteIpPrincipal(
406
- ParseCidrRange(*inner_json, &direct_remote_ip_error_list));
407
- if (!direct_remote_ip_error_list.empty()) {
408
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
409
- "directRemoteIp", &direct_remote_ip_error_list));
410
- }
411
- } else if (ParseJsonObjectField(principal_json, "remoteIp", &inner_json,
412
- error_list, /*required=*/false)) {
413
- std::vector<grpc_error_handle> remote_ip_error_list;
414
- principal = Rbac::Principal::MakeRemoteIpPrincipal(
415
- ParseCidrRange(*inner_json, &remote_ip_error_list));
416
- if (!remote_ip_error_list.empty()) {
417
- error_list->push_back(
418
- GRPC_ERROR_CREATE_FROM_VECTOR("remoteIp", &remote_ip_error_list));
419
- }
420
- } else if (ParseJsonObjectField(principal_json, "header", &inner_json,
421
- error_list,
422
- /*required=*/false)) {
423
- std::vector<grpc_error_handle> header_error_list;
424
- auto matcher = ParseHeaderMatcher(*inner_json, &header_error_list);
425
- if (matcher.ok()) {
426
- principal = Rbac::Principal::MakeHeaderPrincipal(*matcher);
427
- } else {
428
- header_error_list.push_back(absl_status_to_grpc_error(matcher.status()));
429
- }
430
- if (!header_error_list.empty()) {
431
- error_list->push_back(
432
- GRPC_ERROR_CREATE_FROM_VECTOR("header", &header_error_list));
433
- }
434
- } else if (ParseJsonObjectField(principal_json, "urlPath", &inner_json,
435
- error_list,
436
- /*required=*/false)) {
437
- std::vector<grpc_error_handle> url_path_error_list;
438
- auto matcher = ParsePathMatcher(*inner_json, &url_path_error_list);
439
- if (matcher.ok()) {
440
- principal = Rbac::Principal::MakePathPrincipal(*matcher);
441
- } else {
442
- url_path_error_list.push_back(
443
- absl_status_to_grpc_error(matcher.status()));
444
- }
445
- if (!url_path_error_list.empty()) {
446
- error_list->push_back(
447
- GRPC_ERROR_CREATE_FROM_VECTOR("urlPath", &url_path_error_list));
448
- }
449
- } else if (ParseJsonObjectField(principal_json, "metadata", &inner_json,
450
- error_list, /*required=*/false)) {
451
- std::vector<grpc_error_handle> metadata_error_list;
452
- bool invert = false;
453
- ParseJsonObjectField(*inner_json, "invert", &invert, &metadata_error_list,
454
- /*required=*/false);
455
- if (metadata_error_list.empty()) {
456
- principal = Rbac::Principal::MakeMetadataPrincipal(invert);
336
+ //
337
+ // RbacConfig::RbacPolicy::Rules::Policy::StringMatch
338
+ //
339
+
340
+ const JsonLoaderInterface*
341
+ RbacConfig::RbacPolicy::Rules::Policy::StringMatch::JsonLoader(
342
+ const JsonArgs&) {
343
+ // All fields handled in JsonPostLoad().
344
+ static const auto* loader = JsonObjectLoader<StringMatch>().Finish();
345
+ return loader;
346
+ }
347
+
348
+ void RbacConfig::RbacPolicy::Rules::Policy::StringMatch::JsonPostLoad(
349
+ const Json& json, const JsonArgs& args, ValidationErrors* errors) {
350
+ const size_t original_error_size = errors->size();
351
+ bool ignore_case =
352
+ LoadJsonObjectField<bool>(json.object_value(), args, "ignoreCase", errors,
353
+ /*required=*/false)
354
+ .value_or(false);
355
+ auto set_string_matcher = [&](absl::StatusOr<StringMatcher> string_matcher) {
356
+ if (string_matcher.ok()) {
357
+ matcher = *string_matcher;
457
358
  } else {
458
- error_list->push_back(
459
- GRPC_ERROR_CREATE_FROM_VECTOR("metadata", &metadata_error_list));
460
- }
461
- } else if (ParseJsonObjectField(principal_json, "notId", &inner_json,
462
- error_list, /*required=*/false)) {
463
- std::vector<grpc_error_handle> not_rule_error_list;
464
- principal = Rbac::Principal::MakeNotPrincipal(
465
- ParsePrincipal(*inner_json, &not_rule_error_list));
466
- if (!not_rule_error_list.empty()) {
467
- error_list->push_back(
468
- GRPC_ERROR_CREATE_FROM_VECTOR("notId", &not_rule_error_list));
359
+ errors->AddError(string_matcher.status().message());
469
360
  }
470
- } else {
471
- error_list->push_back(
472
- GRPC_ERROR_CREATE_FROM_STATIC_STRING("No valid id found"));
361
+ };
362
+ auto check_match = [&](absl::string_view field_name,
363
+ StringMatcher::Type type) {
364
+ auto match = LoadJsonObjectField<std::string>(json.object_value(), args,
365
+ field_name, errors,
366
+ /*required=*/false);
367
+ if (match.has_value()) {
368
+ set_string_matcher(StringMatcher::Create(type, *match, ignore_case));
369
+ return true;
370
+ }
371
+ return false;
372
+ };
373
+ if (check_match("exact", StringMatcher::Type::kExact) ||
374
+ check_match("prefix", StringMatcher::Type::kPrefix) ||
375
+ check_match("suffix", StringMatcher::Type::kSuffix) ||
376
+ check_match("contains", StringMatcher::Type::kContains)) {
377
+ return;
378
+ }
379
+ auto regex_match = LoadJsonObjectField<SafeRegexMatch>(
380
+ json.object_value(), args, "safeRegex", errors,
381
+ /*required=*/false);
382
+ if (regex_match.has_value()) {
383
+ set_string_matcher(StringMatcher::Create(StringMatcher::Type::kSafeRegex,
384
+ regex_match->regex, ignore_case));
385
+ return;
386
+ }
387
+ if (errors->size() == original_error_size) {
388
+ errors->AddError("no valid matcher found");
473
389
  }
474
- return principal;
475
390
  }
476
391
 
477
- Rbac::Policy ParsePolicy(const Json::Object& policy_json,
478
- std::vector<grpc_error_handle>* error_list) {
479
- Rbac::Policy policy;
480
- const Json::Array* permissions_json_array;
392
+ //
393
+ // RbacConfig::RbacPolicy::Rules::Policy::PathMatch
394
+ //
395
+
396
+ const JsonLoaderInterface*
397
+ RbacConfig::RbacPolicy::Rules::Policy::PathMatch::JsonLoader(const JsonArgs&) {
398
+ static const auto* loader =
399
+ JsonObjectLoader<PathMatch>().Field("path", &PathMatch::path).Finish();
400
+ return loader;
401
+ }
402
+
403
+ //
404
+ // RbacConfig::RbacPolicy::Rules::Policy::Metadata
405
+ //
406
+
407
+ const JsonLoaderInterface*
408
+ RbacConfig::RbacPolicy::Rules::Policy::Metadata::JsonLoader(const JsonArgs&) {
409
+ static const auto* loader = JsonObjectLoader<Metadata>()
410
+ .OptionalField("invert", &Metadata::invert)
411
+ .Finish();
412
+ return loader;
413
+ }
414
+
415
+ //
416
+ // RbacConfig::RbacPolicy::Rules::Policy::Permission::PermissionList
417
+ //
418
+
419
+ const JsonLoaderInterface*
420
+ RbacConfig::RbacPolicy::Rules::Policy::Permission::PermissionList::JsonLoader(
421
+ const JsonArgs&) {
422
+ static const auto* loader = JsonObjectLoader<PermissionList>()
423
+ .Field("rules", &PermissionList::rules)
424
+ .Finish();
425
+ return loader;
426
+ }
427
+
428
+ //
429
+ // RbacConfig::RbacPolicy::Rules::Policy::Permission
430
+ //
431
+
432
+ std::vector<std::unique_ptr<Rbac::Permission>>
433
+ RbacConfig::RbacPolicy::Rules::Policy::Permission::MakeRbacPermissionList(
434
+ std::vector<Permission> permission_list) {
481
435
  std::vector<std::unique_ptr<Rbac::Permission>> permissions;
482
- if (ParseJsonObjectField(policy_json, "permissions", &permissions_json_array,
483
- error_list)) {
484
- for (size_t i = 0; i < permissions_json_array->size(); ++i) {
485
- const Json::Object* permission_json;
486
- if (!ExtractJsonType((*permissions_json_array)[i],
487
- absl::StrFormat("permissions[%d]", i),
488
- &permission_json, error_list)) {
489
- continue;
490
- }
491
- std::vector<grpc_error_handle> permission_error_list;
492
- permissions.emplace_back(absl::make_unique<Rbac::Permission>(
493
- ParsePermission(*permission_json, &permission_error_list)));
494
- if (!permission_error_list.empty()) {
495
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
496
- absl::StrFormat("permissions[%d]", i), &permission_error_list));
497
- }
498
- }
436
+ permissions.reserve(permission_list.size());
437
+ for (auto& rule : permission_list) {
438
+ permissions.emplace_back(std::move(rule.permission));
439
+ }
440
+ return permissions;
441
+ }
442
+
443
+ const JsonLoaderInterface*
444
+ RbacConfig::RbacPolicy::Rules::Policy::Permission::JsonLoader(const JsonArgs&) {
445
+ // All fields handled in JsonPostLoad().
446
+ static const auto* loader = JsonObjectLoader<Permission>().Finish();
447
+ return loader;
448
+ }
449
+
450
+ void RbacConfig::RbacPolicy::Rules::Policy::Permission::JsonPostLoad(
451
+ const Json& json, const JsonArgs& args, ValidationErrors* errors) {
452
+ const size_t original_error_size = errors->size();
453
+ auto any = LoadJsonObjectField<bool>(json.object_value(), args, "any", errors,
454
+ /*required=*/false);
455
+ if (any.has_value()) {
456
+ permission = std::make_unique<Rbac::Permission>(
457
+ Rbac::Permission::MakeAnyPermission());
458
+ return;
459
+ }
460
+ auto header = LoadJsonObjectField<HeaderMatch>(json.object_value(), args,
461
+ "header", errors,
462
+ /*required=*/false);
463
+ if (header.has_value()) {
464
+ permission = std::make_unique<Rbac::Permission>(
465
+ Rbac::Permission::MakeHeaderPermission(std::move(header->matcher)));
466
+ return;
467
+ }
468
+ auto url_path = LoadJsonObjectField<PathMatch>(json.object_value(), args,
469
+ "urlPath", errors,
470
+ /*required=*/false);
471
+ if (url_path.has_value()) {
472
+ permission = std::make_unique<Rbac::Permission>(
473
+ Rbac::Permission::MakePathPermission(url_path->path.matcher));
474
+ return;
499
475
  }
500
- const Json::Array* principals_json_array;
476
+ auto destination_ip = LoadJsonObjectField<CidrRange>(
477
+ json.object_value(), args, "destinationIp", errors,
478
+ /*required=*/false);
479
+ if (destination_ip.has_value()) {
480
+ permission = std::make_unique<Rbac::Permission>(
481
+ Rbac::Permission::MakeDestIpPermission(
482
+ std::move(destination_ip->cidr_range)));
483
+ return;
484
+ }
485
+ auto destination_port = LoadJsonObjectField<uint32_t>(
486
+ json.object_value(), args, "destinationPort", errors,
487
+ /*required=*/false);
488
+ if (destination_port.has_value()) {
489
+ permission = std::make_unique<Rbac::Permission>(
490
+ Rbac::Permission::MakeDestPortPermission(*destination_port));
491
+ return;
492
+ }
493
+ auto metadata = LoadJsonObjectField<Metadata>(json.object_value(), args,
494
+ "metadata", errors,
495
+ /*required=*/false);
496
+ if (metadata.has_value()) {
497
+ permission = std::make_unique<Rbac::Permission>(
498
+ Rbac::Permission::MakeMetadataPermission(metadata->invert));
499
+ return;
500
+ }
501
+ auto requested_server_name = LoadJsonObjectField<StringMatch>(
502
+ json.object_value(), args, "requestedServerName", errors,
503
+ /*required=*/false);
504
+ if (requested_server_name.has_value()) {
505
+ permission = std::make_unique<Rbac::Permission>(
506
+ Rbac::Permission::MakeReqServerNamePermission(
507
+ std::move(requested_server_name->matcher)));
508
+ return;
509
+ }
510
+ auto rules = LoadJsonObjectField<PermissionList>(json.object_value(), args,
511
+ "andRules", errors,
512
+ /*required=*/false);
513
+ if (rules.has_value()) {
514
+ permission =
515
+ std::make_unique<Rbac::Permission>(Rbac::Permission::MakeAndPermission(
516
+ MakeRbacPermissionList(std::move(rules->rules))));
517
+ return;
518
+ }
519
+ rules = LoadJsonObjectField<PermissionList>(json.object_value(), args,
520
+ "orRules", errors,
521
+ /*required=*/false);
522
+ if (rules.has_value()) {
523
+ permission =
524
+ std::make_unique<Rbac::Permission>(Rbac::Permission::MakeOrPermission(
525
+ MakeRbacPermissionList(std::move(rules->rules))));
526
+ return;
527
+ }
528
+ auto not_rule = LoadJsonObjectField<Permission>(json.object_value(), args,
529
+ "notRule", errors,
530
+ /*required=*/false);
531
+ if (not_rule.has_value()) {
532
+ permission = std::make_unique<Rbac::Permission>(
533
+ Rbac::Permission::MakeNotPermission(std::move(*not_rule->permission)));
534
+ return;
535
+ }
536
+ if (errors->size() == original_error_size) {
537
+ errors->AddError("no valid rule found");
538
+ }
539
+ }
540
+
541
+ //
542
+ // RbacConfig::RbacPolicy::Rules::Policy::Principal::PrincipalList
543
+ //
544
+
545
+ const JsonLoaderInterface*
546
+ RbacConfig::RbacPolicy::Rules::Policy::Principal::PrincipalList::JsonLoader(
547
+ const JsonArgs&) {
548
+ static const auto* loader = JsonObjectLoader<PrincipalList>()
549
+ .Field("ids", &PrincipalList::ids)
550
+ .Finish();
551
+ return loader;
552
+ }
553
+
554
+ //
555
+ // RbacConfig::RbacPolicy::Rules::Policy::Principal::Authenticated
556
+ //
557
+
558
+ const JsonLoaderInterface*
559
+ RbacConfig::RbacPolicy::Rules::Policy::Principal::Authenticated::JsonLoader(
560
+ const JsonArgs&) {
561
+ static const auto* loader =
562
+ JsonObjectLoader<Authenticated>()
563
+ .OptionalField("principalName", &Authenticated::principal_name)
564
+ .Finish();
565
+ return loader;
566
+ }
567
+
568
+ //
569
+ // RbacConfig::RbacPolicy::Rules::Policy::Principal
570
+ //
571
+
572
+ std::vector<std::unique_ptr<Rbac::Principal>>
573
+ RbacConfig::RbacPolicy::Rules::Policy::Principal::MakeRbacPrincipalList(
574
+ std::vector<Principal> principal_list) {
501
575
  std::vector<std::unique_ptr<Rbac::Principal>> principals;
502
- if (ParseJsonObjectField(policy_json, "principals", &principals_json_array,
503
- error_list)) {
504
- for (size_t i = 0; i < principals_json_array->size(); ++i) {
505
- const Json::Object* principal_json;
506
- if (!ExtractJsonType((*principals_json_array)[i],
507
- absl::StrFormat("principals[%d]", i),
508
- &principal_json, error_list)) {
509
- continue;
510
- }
511
- std::vector<grpc_error_handle> principal_error_list;
512
- principals.emplace_back(absl::make_unique<Rbac::Principal>(
513
- ParsePrincipal(*principal_json, &principal_error_list)));
514
- if (!principal_error_list.empty()) {
515
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
516
- absl::StrFormat("principals[%d]", i), &principal_error_list));
517
- }
518
- }
576
+ principals.reserve(principal_list.size());
577
+ for (auto& id : principal_list) {
578
+ principals.emplace_back(std::move(id.principal));
519
579
  }
520
- policy.permissions =
521
- Rbac::Permission::MakeOrPermission(std::move(permissions));
522
- policy.principals = Rbac::Principal::MakeOrPrincipal(std::move(principals));
523
- return policy;
580
+ return principals;
524
581
  }
525
582
 
526
- Rbac ParseRbac(const Json::Object& rbac_json,
527
- std::vector<grpc_error_handle>* error_list) {
528
- Rbac rbac;
529
- const Json::Object* rules_json;
530
- if (!ParseJsonObjectField(rbac_json, "rules", &rules_json, error_list,
531
- /*required=*/false)) {
532
- // No enforcing to be applied. An empty deny policy with an empty map is
533
- // equivalent to no enforcing.
534
- return Rbac(Rbac::Action::kDeny, {});
583
+ const JsonLoaderInterface*
584
+ RbacConfig::RbacPolicy::Rules::Policy::Principal::JsonLoader(const JsonArgs&) {
585
+ // All fields handled in JsonPostLoad().
586
+ static const auto* loader = JsonObjectLoader<Principal>().Finish();
587
+ return loader;
588
+ }
589
+
590
+ void RbacConfig::RbacPolicy::Rules::Policy::Principal::JsonPostLoad(
591
+ const Json& json, const JsonArgs& args, ValidationErrors* errors) {
592
+ const size_t original_error_size = errors->size();
593
+ auto any = LoadJsonObjectField<bool>(json.object_value(), args, "any", errors,
594
+ /*required=*/false);
595
+ if (any.has_value()) {
596
+ principal =
597
+ std::make_unique<Rbac::Principal>(Rbac::Principal::MakeAnyPrincipal());
598
+ return;
535
599
  }
536
- int action;
537
- if (ParseJsonObjectField(*rules_json, "action", &action, error_list)) {
538
- if (action > 1) {
539
- error_list->push_back(
540
- GRPC_ERROR_CREATE_FROM_STATIC_STRING("Unknown action"));
600
+ auto authenticated = LoadJsonObjectField<Authenticated>(
601
+ json.object_value(), args, "authenticated", errors,
602
+ /*required=*/false);
603
+ if (authenticated.has_value()) {
604
+ if (authenticated->principal_name.has_value()) {
605
+ principal = std::make_unique<Rbac::Principal>(
606
+ Rbac::Principal::MakeAuthenticatedPrincipal(
607
+ std::move(authenticated->principal_name->matcher)));
608
+ } else {
609
+ // No principalName found. Match for all users.
610
+ principal = std::make_unique<Rbac::Principal>(
611
+ Rbac::Principal::MakeAnyPrincipal());
541
612
  }
613
+ return;
614
+ }
615
+ auto cidr_range = LoadJsonObjectField<CidrRange>(json.object_value(), args,
616
+ "sourceIp", errors,
617
+ /*required=*/false);
618
+ if (cidr_range.has_value()) {
619
+ principal = std::make_unique<Rbac::Principal>(
620
+ Rbac::Principal::MakeSourceIpPrincipal(
621
+ std::move(cidr_range->cidr_range)));
622
+ return;
623
+ }
624
+ cidr_range = LoadJsonObjectField<CidrRange>(json.object_value(), args,
625
+ "directRemoteIp", errors,
626
+ /*required=*/false);
627
+ if (cidr_range.has_value()) {
628
+ principal = std::make_unique<Rbac::Principal>(
629
+ Rbac::Principal::MakeDirectRemoteIpPrincipal(
630
+ std::move(cidr_range->cidr_range)));
631
+ return;
632
+ }
633
+ cidr_range = LoadJsonObjectField<CidrRange>(json.object_value(), args,
634
+ "remoteIp", errors,
635
+ /*required=*/false);
636
+ if (cidr_range.has_value()) {
637
+ principal = std::make_unique<Rbac::Principal>(
638
+ Rbac::Principal::MakeRemoteIpPrincipal(
639
+ std::move(cidr_range->cidr_range)));
640
+ return;
641
+ }
642
+ auto header = LoadJsonObjectField<HeaderMatch>(json.object_value(), args,
643
+ "header", errors,
644
+ /*required=*/false);
645
+ if (header.has_value()) {
646
+ principal = std::make_unique<Rbac::Principal>(
647
+ Rbac::Principal::MakeHeaderPrincipal(std::move(header->matcher)));
648
+ return;
649
+ }
650
+ auto url_path = LoadJsonObjectField<PathMatch>(json.object_value(), args,
651
+ "urlPath", errors,
652
+ /*required=*/false);
653
+ if (url_path.has_value()) {
654
+ principal = std::make_unique<Rbac::Principal>(
655
+ Rbac::Principal::MakePathPrincipal(std::move(url_path->path.matcher)));
656
+ return;
657
+ }
658
+ auto metadata = LoadJsonObjectField<Metadata>(json.object_value(), args,
659
+ "metadata", errors,
660
+ /*required=*/false);
661
+ if (metadata.has_value()) {
662
+ principal = std::make_unique<Rbac::Principal>(
663
+ Rbac::Principal::MakeMetadataPrincipal(metadata->invert));
664
+ return;
665
+ }
666
+ auto ids = LoadJsonObjectField<PrincipalList>(json.object_value(), args,
667
+ "andIds", errors,
668
+ /*required=*/false);
669
+ if (ids.has_value()) {
670
+ principal =
671
+ std::make_unique<Rbac::Principal>(Rbac::Principal::MakeAndPrincipal(
672
+ MakeRbacPrincipalList(std::move(ids->ids))));
673
+ return;
674
+ }
675
+ ids = LoadJsonObjectField<PrincipalList>(json.object_value(), args, "orIds",
676
+ errors,
677
+ /*required=*/false);
678
+ if (ids.has_value()) {
679
+ principal =
680
+ std::make_unique<Rbac::Principal>(Rbac::Principal::MakeOrPrincipal(
681
+ MakeRbacPrincipalList(std::move(ids->ids))));
682
+ return;
683
+ }
684
+ auto not_rule =
685
+ LoadJsonObjectField<Principal>(json.object_value(), args, "notId", errors,
686
+ /*required=*/false);
687
+ if (not_rule.has_value()) {
688
+ principal = std::make_unique<Rbac::Principal>(
689
+ Rbac::Principal::MakeNotPrincipal(std::move(*not_rule->principal)));
690
+ return;
542
691
  }
692
+ if (errors->size() == original_error_size) {
693
+ errors->AddError("no valid id found");
694
+ }
695
+ }
696
+
697
+ //
698
+ // RbacConfig::RbacPolicy::Rules::Policy
699
+ //
700
+
701
+ Rbac::Policy RbacConfig::RbacPolicy::Rules::Policy::TakeAsRbacPolicy() {
702
+ Rbac::Policy policy;
703
+ policy.permissions = Rbac::Permission::MakeOrPermission(
704
+ Permission::MakeRbacPermissionList(std::move(permissions)));
705
+ policy.principals = Rbac::Principal::MakeOrPrincipal(
706
+ Principal::MakeRbacPrincipalList(std::move(principals)));
707
+ return policy;
708
+ }
709
+
710
+ const JsonLoaderInterface* RbacConfig::RbacPolicy::Rules::Policy::JsonLoader(
711
+ const JsonArgs&) {
712
+ static const auto* loader = JsonObjectLoader<Policy>()
713
+ .Field("permissions", &Policy::permissions)
714
+ .Field("principals", &Policy::principals)
715
+ .Finish();
716
+ return loader;
717
+ }
718
+
719
+ //
720
+ // RbacConfig::RbacPolicy::Rules
721
+ //
722
+
723
+ Rbac RbacConfig::RbacPolicy::Rules::TakeAsRbac() {
724
+ Rbac rbac;
543
725
  rbac.action = static_cast<Rbac::Action>(action);
544
- const Json::Object* policies_json;
545
- if (ParseJsonObjectField(*rules_json, "policies", &policies_json, error_list,
546
- /*required=*/false)) {
547
- for (const auto& entry : *policies_json) {
548
- std::vector<grpc_error_handle> policy_error_list;
549
- rbac.policies.emplace(
550
- entry.first,
551
- ParsePolicy(entry.second.object_value(), &policy_error_list));
552
- if (!policy_error_list.empty()) {
553
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
554
- absl::StrFormat("policies key:'%s'", entry.first.c_str()),
555
- &policy_error_list));
556
- }
557
- }
726
+ for (auto& p : policies) {
727
+ rbac.policies.emplace(p.first, p.second.TakeAsRbacPolicy());
558
728
  }
559
729
  return rbac;
560
730
  }
561
731
 
562
- std::vector<Rbac> ParseRbacArray(const Json::Array& policies_json_array,
563
- std::vector<grpc_error_handle>* error_list) {
564
- std::vector<Rbac> policies;
565
- for (size_t i = 0; i < policies_json_array.size(); ++i) {
566
- const Json::Object* rbac_json;
567
- if (!ExtractJsonType(policies_json_array[i],
568
- absl::StrFormat("rbacPolicy[%d]", i), &rbac_json,
569
- error_list)) {
570
- continue;
571
- }
572
- std::vector<grpc_error_handle> rbac_policy_error_list;
573
- policies.emplace_back(ParseRbac(*rbac_json, &rbac_policy_error_list));
574
- if (!rbac_policy_error_list.empty()) {
575
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
576
- absl::StrFormat("rbacPolicy[%d]", i), &rbac_policy_error_list));
577
- }
732
+ const JsonLoaderInterface* RbacConfig::RbacPolicy::Rules::JsonLoader(
733
+ const JsonArgs&) {
734
+ static const auto* loader = JsonObjectLoader<Rules>()
735
+ .Field("action", &Rules::action)
736
+ .OptionalField("policies", &Rules::policies)
737
+ .Finish();
738
+ return loader;
739
+ }
740
+
741
+ void RbacConfig::RbacPolicy::Rules::JsonPostLoad(const Json&, const JsonArgs&,
742
+ ValidationErrors* errors) {
743
+ // Validate action field.
744
+ auto rbac_action = static_cast<Rbac::Action>(action);
745
+ if (rbac_action != Rbac::Action::kAllow &&
746
+ rbac_action != Rbac::Action::kDeny) {
747
+ ValidationErrors::ScopedField field(errors, ".action");
748
+ errors->AddError("unknown action");
749
+ }
750
+ }
751
+
752
+ //
753
+ // RbacConfig::RbacPolicy
754
+ //
755
+
756
+ Rbac RbacConfig::RbacPolicy::TakeAsRbac() {
757
+ if (!rules.has_value()) {
758
+ // No enforcing to be applied. An empty deny policy with an empty map
759
+ // is equivalent to no enforcing.
760
+ return Rbac(Rbac::Action::kDeny, {});
578
761
  }
579
- return policies;
762
+ return rules->TakeAsRbac();
763
+ }
764
+
765
+ const JsonLoaderInterface* RbacConfig::RbacPolicy::JsonLoader(const JsonArgs&) {
766
+ static const auto* loader = JsonObjectLoader<RbacPolicy>()
767
+ .OptionalField("rules", &RbacPolicy::rules)
768
+ .Finish();
769
+ return loader;
770
+ }
771
+
772
+ //
773
+ // RbacConfig
774
+ //
775
+
776
+ std::vector<Rbac> RbacConfig::TakeAsRbacList() {
777
+ std::vector<Rbac> rbac_list;
778
+ rbac_list.reserve(rbac_policies.size());
779
+ for (auto& rbac_policy : rbac_policies) {
780
+ rbac_list.emplace_back(rbac_policy.TakeAsRbac());
781
+ }
782
+ return rbac_list;
783
+ }
784
+
785
+ const JsonLoaderInterface* RbacConfig::JsonLoader(const JsonArgs&) {
786
+ static const auto* loader =
787
+ JsonObjectLoader<RbacConfig>()
788
+ .Field("rbacPolicy", &RbacConfig::rbac_policies)
789
+ .Finish();
790
+ return loader;
580
791
  }
581
792
 
582
793
  } // namespace
583
794
 
584
- absl::StatusOr<std::unique_ptr<ServiceConfigParser::ParsedConfig>>
795
+ std::unique_ptr<ServiceConfigParser::ParsedConfig>
585
796
  RbacServiceConfigParser::ParsePerMethodParams(const ChannelArgs& args,
586
- const Json& json) {
797
+ const Json& json,
798
+ ValidationErrors* errors) {
587
799
  // Only parse rbac policy if the channel arg is present
588
800
  if (!args.GetBool(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG).value_or(false)) {
589
801
  return nullptr;
590
802
  }
591
- std::vector<Rbac> rbac_policies;
592
- std::vector<grpc_error_handle> error_list;
593
- const Json::Array* policies_json_array;
594
- if (ParseJsonObjectField(json.object_value(), "rbacPolicy",
595
- &policies_json_array, &error_list)) {
596
- rbac_policies = ParseRbacArray(*policies_json_array, &error_list);
597
- }
598
- grpc_error_handle error =
599
- GRPC_ERROR_CREATE_FROM_VECTOR("Rbac parser", &error_list);
600
- if (!GRPC_ERROR_IS_NONE(error)) {
601
- absl::Status status = absl::InvalidArgumentError(
602
- absl::StrCat("error parsing RBAC method parameters: ",
603
- grpc_error_std_string(error)));
604
- GRPC_ERROR_UNREF(error);
605
- return status;
606
- }
803
+ auto rbac_config = LoadFromJson<RbacConfig>(json, JsonArgs(), errors);
804
+ std::vector<Rbac> rbac_policies = rbac_config.TakeAsRbacList();
607
805
  if (rbac_policies.empty()) return nullptr;
608
- return absl::make_unique<RbacMethodParsedConfig>(std::move(rbac_policies));
806
+ return std::make_unique<RbacMethodParsedConfig>(std::move(rbac_policies));
609
807
  }
610
808
 
611
809
  void RbacServiceConfigParser::Register(CoreConfiguration::Builder* builder) {
612
810
  builder->service_config_parser()->RegisterParser(
613
- absl::make_unique<RbacServiceConfigParser>());
811
+ std::make_unique<RbacServiceConfigParser>());
614
812
  }
615
813
 
616
814
  size_t RbacServiceConfigParser::ParserIndex() {