grpc 1.50.0.pre1 → 1.51.0

Sign up to get free protection for your applications and to get access to all the features.

Potentially problematic release.


This version of grpc might be problematic. Click here for more details.

Files changed (459) hide show
  1. checksums.yaml +4 -4
  2. data/Makefile +131 -42
  3. data/include/grpc/event_engine/event_engine.h +10 -3
  4. data/include/grpc/event_engine/slice_buffer.h +17 -0
  5. data/include/grpc/grpc.h +0 -10
  6. data/include/grpc/impl/codegen/grpc_types.h +1 -5
  7. data/include/grpc/impl/codegen/port_platform.h +0 -3
  8. data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +19 -13
  9. data/src/core/ext/filters/channel_idle/channel_idle_filter.h +1 -0
  10. data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
  11. data/src/core/ext/filters/client_channel/channel_connectivity.cc +7 -5
  12. data/src/core/ext/filters/client_channel/client_channel.cc +120 -140
  13. data/src/core/ext/filters/client_channel/client_channel.h +3 -4
  14. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +0 -2
  15. data/src/core/ext/filters/client_channel/client_channel_plugin.cc +1 -1
  16. data/src/core/ext/filters/client_channel/client_channel_service_config.cc +153 -0
  17. data/src/core/ext/filters/client_channel/{resolver_result_parsing.h → client_channel_service_config.h} +26 -23
  18. data/src/core/ext/filters/client_channel/connector.h +1 -1
  19. data/src/core/ext/filters/client_channel/dynamic_filters.cc +20 -47
  20. data/src/core/ext/filters/client_channel/dynamic_filters.h +7 -8
  21. data/src/core/ext/filters/client_channel/health/health_check_client.cc +3 -4
  22. data/src/core/ext/filters/client_channel/http_proxy.cc +0 -1
  23. data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +3 -4
  24. data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +5 -0
  25. data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +8 -7
  26. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +35 -44
  27. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -1
  28. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +1 -3
  29. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +3 -4
  30. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.h +1 -1
  31. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +41 -29
  32. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +2 -2
  33. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +9 -11
  34. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +15 -12
  35. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +8 -10
  36. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +26 -27
  37. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +7 -9
  38. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +44 -26
  39. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +17 -27
  40. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_attributes.cc +42 -0
  41. data/src/core/ext/filters/client_channel/lb_policy/xds/{xds.h → xds_attributes.h} +15 -17
  42. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +13 -7
  43. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +48 -47
  44. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -126
  45. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +364 -0
  46. data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +9 -9
  47. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +23 -32
  48. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +1 -2
  49. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +22 -23
  50. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +50 -52
  51. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
  52. data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +2 -4
  53. data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -3
  54. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +34 -26
  55. data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +3 -4
  56. data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -7
  57. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +63 -46
  58. data/src/core/ext/filters/client_channel/retry_filter.cc +80 -102
  59. data/src/core/ext/filters/client_channel/retry_service_config.cc +192 -234
  60. data/src/core/ext/filters/client_channel/retry_service_config.h +20 -23
  61. data/src/core/ext/filters/client_channel/retry_throttle.cc +8 -8
  62. data/src/core/ext/filters/client_channel/retry_throttle.h +8 -7
  63. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +2 -2
  64. data/src/core/ext/filters/client_channel/subchannel.cc +21 -25
  65. data/src/core/ext/filters/client_channel/subchannel.h +2 -2
  66. data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +11 -12
  67. data/src/core/ext/filters/deadline/deadline_filter.cc +13 -14
  68. data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +1 -1
  69. data/src/core/ext/filters/fault_injection/fault_injection_filter.h +0 -4
  70. data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.cc +118 -0
  71. data/src/core/ext/filters/fault_injection/{service_config_parser.h → fault_injection_service_config_parser.h} +20 -12
  72. data/src/core/ext/filters/http/client/http_client_filter.cc +16 -16
  73. data/src/core/ext/filters/http/client_authority_filter.cc +1 -1
  74. data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +13 -13
  75. data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +34 -34
  76. data/src/core/ext/filters/http/server/http_server_filter.cc +26 -25
  77. data/src/core/ext/filters/message_size/message_size_filter.cc +86 -117
  78. data/src/core/ext/filters/message_size/message_size_filter.h +22 -15
  79. data/src/core/ext/filters/rbac/rbac_filter.cc +12 -12
  80. data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +728 -530
  81. data/src/core/ext/filters/rbac/rbac_service_config_parser.h +4 -3
  82. data/src/core/ext/filters/server_config_selector/server_config_selector.h +1 -1
  83. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -7
  84. data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +17 -21
  85. data/src/core/ext/transport/chttp2/server/chttp2_server.cc +57 -72
  86. data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +5 -5
  87. data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -1
  88. data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +212 -253
  89. data/src/core/ext/transport/chttp2/transport/flow_control.cc +42 -11
  90. data/src/core/ext/transport/chttp2/transport/flow_control.h +4 -3
  91. data/src/core/ext/transport/chttp2/transport/frame_data.cc +16 -15
  92. data/src/core/ext/transport/chttp2/transport/frame_data.h +1 -1
  93. data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +13 -13
  94. data/src/core/ext/transport/chttp2/transport/frame_ping.cc +4 -3
  95. data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +10 -7
  96. data/src/core/ext/transport/chttp2/transport/frame_settings.cc +15 -17
  97. data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +5 -4
  98. data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +5 -6
  99. data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +1 -1
  100. data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +2 -1
  101. data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +31 -39
  102. data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +7 -6
  103. data/src/core/ext/transport/chttp2/transport/internal.h +24 -8
  104. data/src/core/ext/transport/chttp2/transport/parsing.cc +51 -52
  105. data/src/core/ext/transport/chttp2/transport/varint.cc +2 -3
  106. data/src/core/ext/transport/chttp2/transport/varint.h +11 -8
  107. data/src/core/ext/transport/chttp2/transport/writing.cc +16 -16
  108. data/src/core/ext/transport/inproc/inproc_transport.cc +97 -115
  109. data/src/core/ext/xds/certificate_provider_store.cc +4 -4
  110. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +4 -7
  111. data/src/core/ext/xds/xds_api.cc +15 -68
  112. data/src/core/ext/xds/xds_api.h +3 -7
  113. data/src/core/ext/xds/xds_bootstrap.h +0 -1
  114. data/src/core/ext/xds/xds_bootstrap_grpc.cc +3 -12
  115. data/src/core/ext/xds/xds_bootstrap_grpc.h +16 -1
  116. data/src/core/ext/xds/xds_certificate_provider.cc +22 -25
  117. data/src/core/ext/xds/xds_channel_stack_modifier.cc +0 -1
  118. data/src/core/ext/xds/xds_client.cc +122 -90
  119. data/src/core/ext/xds/xds_client.h +7 -2
  120. data/src/core/ext/xds/xds_client_grpc.cc +5 -24
  121. data/src/core/ext/xds/xds_cluster.cc +291 -183
  122. data/src/core/ext/xds/xds_cluster.h +11 -15
  123. data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +32 -29
  124. data/src/core/ext/xds/xds_cluster_specifier_plugin.h +35 -16
  125. data/src/core/ext/xds/xds_common_types.cc +208 -141
  126. data/src/core/ext/xds/xds_common_types.h +19 -13
  127. data/src/core/ext/xds/xds_endpoint.cc +214 -129
  128. data/src/core/ext/xds/xds_endpoint.h +4 -7
  129. data/src/core/ext/xds/xds_http_fault_filter.cc +56 -43
  130. data/src/core/ext/xds/xds_http_fault_filter.h +13 -21
  131. data/src/core/ext/xds/xds_http_filters.cc +60 -73
  132. data/src/core/ext/xds/xds_http_filters.h +67 -19
  133. data/src/core/ext/xds/xds_http_rbac_filter.cc +152 -207
  134. data/src/core/ext/xds/xds_http_rbac_filter.h +12 -15
  135. data/src/core/ext/xds/xds_lb_policy_registry.cc +122 -169
  136. data/src/core/ext/xds/xds_lb_policy_registry.h +10 -11
  137. data/src/core/ext/xds/xds_listener.cc +459 -417
  138. data/src/core/ext/xds/xds_listener.h +43 -47
  139. data/src/core/ext/xds/xds_resource_type.h +3 -11
  140. data/src/core/ext/xds/xds_resource_type_impl.h +8 -13
  141. data/src/core/ext/xds/xds_route_config.cc +94 -80
  142. data/src/core/ext/xds/xds_route_config.h +10 -10
  143. data/src/core/ext/xds/xds_routing.cc +2 -1
  144. data/src/core/ext/xds/xds_routing.h +2 -0
  145. data/src/core/ext/xds/xds_server_config_fetcher.cc +109 -94
  146. data/src/core/ext/xds/xds_transport_grpc.cc +4 -5
  147. data/src/core/lib/address_utils/parse_address.cc +11 -10
  148. data/src/core/lib/channel/channel_args.h +16 -1
  149. data/src/core/lib/channel/channel_stack.cc +23 -20
  150. data/src/core/lib/channel/channel_stack.h +17 -4
  151. data/src/core/lib/channel/channel_stack_builder.cc +4 -7
  152. data/src/core/lib/channel/channel_stack_builder.h +14 -6
  153. data/src/core/lib/channel/channel_stack_builder_impl.cc +25 -7
  154. data/src/core/lib/channel/channel_stack_builder_impl.h +2 -0
  155. data/src/core/lib/channel/channel_trace.cc +4 -5
  156. data/src/core/lib/channel/channelz.cc +1 -1
  157. data/src/core/lib/channel/connected_channel.cc +695 -35
  158. data/src/core/lib/channel/connected_channel.h +0 -4
  159. data/src/core/lib/channel/promise_based_filter.cc +1004 -140
  160. data/src/core/lib/channel/promise_based_filter.h +364 -87
  161. data/src/core/lib/compression/message_compress.cc +5 -5
  162. data/src/core/lib/debug/event_log.cc +88 -0
  163. data/src/core/lib/debug/event_log.h +81 -0
  164. data/src/core/lib/debug/histogram_view.cc +69 -0
  165. data/src/core/lib/{slice/slice_refcount.cc → debug/histogram_view.h} +15 -13
  166. data/src/core/lib/debug/stats.cc +22 -119
  167. data/src/core/lib/debug/stats.h +29 -35
  168. data/src/core/lib/debug/stats_data.cc +224 -73
  169. data/src/core/lib/debug/stats_data.h +263 -122
  170. data/src/core/lib/event_engine/common_closures.h +71 -0
  171. data/src/core/lib/event_engine/default_event_engine.cc +38 -15
  172. data/src/core/lib/event_engine/default_event_engine.h +15 -3
  173. data/src/core/lib/event_engine/default_event_engine_factory.cc +2 -4
  174. data/src/core/lib/event_engine/memory_allocator.cc +1 -1
  175. data/src/core/lib/event_engine/poller.h +10 -4
  176. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +618 -0
  177. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +129 -0
  178. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +901 -0
  179. data/src/core/lib/event_engine/posix_engine/ev_poll_posix.h +97 -0
  180. data/src/core/lib/event_engine/posix_engine/event_poller.h +111 -0
  181. data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +74 -0
  182. data/src/core/lib/event_engine/{executor/threaded_executor.cc → posix_engine/event_poller_posix_default.h} +13 -16
  183. data/src/core/lib/event_engine/posix_engine/internal_errqueue.cc +77 -0
  184. data/src/core/lib/event_engine/posix_engine/internal_errqueue.h +179 -0
  185. data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +267 -0
  186. data/src/core/lib/event_engine/posix_engine/lockfree_event.h +73 -0
  187. data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +1270 -0
  188. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +682 -0
  189. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +453 -18
  190. data/src/core/lib/event_engine/posix_engine/posix_engine.h +148 -24
  191. data/src/core/lib/event_engine/posix_engine/posix_engine_closure.h +80 -0
  192. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +1081 -0
  193. data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +361 -0
  194. data/src/core/lib/event_engine/posix_engine/timer.h +9 -8
  195. data/src/core/lib/event_engine/posix_engine/timer_manager.cc +57 -194
  196. data/src/core/lib/event_engine/posix_engine/timer_manager.h +21 -49
  197. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +301 -0
  198. data/src/core/lib/event_engine/posix_engine/traced_buffer_list.h +179 -0
  199. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.cc +126 -0
  200. data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.h +45 -0
  201. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.cc +151 -0
  202. data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.h +45 -0
  203. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix.h +76 -0
  204. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.cc +67 -0
  205. data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.h +37 -0
  206. data/src/core/lib/event_engine/slice.cc +7 -6
  207. data/src/core/lib/event_engine/slice_buffer.cc +2 -2
  208. data/src/core/lib/event_engine/thread_pool.cc +106 -25
  209. data/src/core/lib/event_engine/thread_pool.h +32 -9
  210. data/src/core/lib/event_engine/windows/win_socket.cc +7 -7
  211. data/src/core/lib/event_engine/windows/windows_engine.cc +18 -12
  212. data/src/core/lib/event_engine/windows/windows_engine.h +8 -4
  213. data/src/core/lib/experiments/config.cc +1 -1
  214. data/src/core/lib/experiments/experiments.cc +13 -2
  215. data/src/core/lib/experiments/experiments.h +8 -1
  216. data/src/core/lib/gpr/cpu_linux.cc +6 -2
  217. data/src/core/lib/gpr/log_linux.cc +3 -4
  218. data/src/core/lib/gpr/string.h +1 -1
  219. data/src/core/lib/gpr/tmpfile_posix.cc +3 -2
  220. data/src/core/lib/gprpp/load_file.cc +75 -0
  221. data/src/core/lib/gprpp/load_file.h +33 -0
  222. data/src/core/lib/gprpp/per_cpu.h +46 -0
  223. data/src/core/lib/gprpp/stat_posix.cc +5 -4
  224. data/src/core/lib/gprpp/stat_windows.cc +3 -2
  225. data/src/core/lib/gprpp/status_helper.h +1 -3
  226. data/src/core/lib/gprpp/strerror.cc +41 -0
  227. data/src/core/{ext/xds/xds_resource_type.cc → lib/gprpp/strerror.h} +9 -13
  228. data/src/core/lib/gprpp/thd_windows.cc +1 -2
  229. data/src/core/lib/gprpp/time.cc +3 -4
  230. data/src/core/lib/gprpp/time.h +13 -2
  231. data/src/core/lib/gprpp/validation_errors.h +18 -1
  232. data/src/core/lib/http/httpcli.cc +40 -44
  233. data/src/core/lib/http/httpcli.h +6 -5
  234. data/src/core/lib/http/httpcli_security_connector.cc +4 -6
  235. data/src/core/lib/http/parser.cc +54 -65
  236. data/src/core/lib/iomgr/buffer_list.cc +105 -116
  237. data/src/core/lib/iomgr/buffer_list.h +60 -44
  238. data/src/core/lib/iomgr/call_combiner.cc +11 -10
  239. data/src/core/lib/iomgr/call_combiner.h +3 -4
  240. data/src/core/lib/iomgr/cfstream_handle.cc +13 -16
  241. data/src/core/lib/iomgr/closure.h +49 -5
  242. data/src/core/lib/iomgr/combiner.cc +2 -2
  243. data/src/core/lib/iomgr/endpoint.h +1 -1
  244. data/src/core/lib/iomgr/endpoint_cfstream.cc +26 -25
  245. data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -2
  246. data/src/core/lib/iomgr/error.cc +27 -42
  247. data/src/core/lib/iomgr/error.h +22 -152
  248. data/src/core/lib/iomgr/ev_apple.cc +4 -4
  249. data/src/core/lib/iomgr/ev_epoll1_linux.cc +26 -25
  250. data/src/core/lib/iomgr/ev_poll_posix.cc +27 -31
  251. data/src/core/lib/iomgr/exec_ctx.cc +3 -4
  252. data/src/core/lib/iomgr/exec_ctx.h +2 -3
  253. data/src/core/lib/iomgr/executor.cc +1 -2
  254. data/src/core/lib/iomgr/internal_errqueue.cc +3 -1
  255. data/src/core/lib/iomgr/iocp_windows.cc +1 -0
  256. data/src/core/lib/iomgr/iomgr_posix.cc +2 -2
  257. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +2 -1
  258. data/src/core/lib/iomgr/iomgr_windows.cc +2 -1
  259. data/src/core/lib/iomgr/load_file.cc +5 -9
  260. data/src/core/lib/iomgr/lockfree_event.cc +10 -10
  261. data/src/core/lib/iomgr/pollset_windows.cc +4 -4
  262. data/src/core/lib/iomgr/python_util.h +2 -2
  263. data/src/core/lib/iomgr/resolve_address.cc +8 -3
  264. data/src/core/lib/iomgr/resolve_address.h +3 -4
  265. data/src/core/lib/iomgr/resolve_address_impl.h +1 -1
  266. data/src/core/lib/iomgr/resolve_address_posix.cc +14 -25
  267. data/src/core/lib/iomgr/resolve_address_posix.h +1 -2
  268. data/src/core/lib/iomgr/resolve_address_windows.cc +14 -17
  269. data/src/core/lib/iomgr/resolve_address_windows.h +1 -2
  270. data/src/core/lib/iomgr/socket_utils_common_posix.cc +30 -29
  271. data/src/core/lib/iomgr/socket_utils_posix.cc +1 -0
  272. data/src/core/lib/iomgr/socket_utils_posix.h +2 -2
  273. data/src/core/lib/iomgr/socket_windows.cc +2 -2
  274. data/src/core/lib/iomgr/tcp_client_cfstream.cc +6 -10
  275. data/src/core/lib/iomgr/tcp_client_posix.cc +31 -35
  276. data/src/core/lib/iomgr/tcp_client_windows.cc +8 -12
  277. data/src/core/lib/iomgr/tcp_posix.cc +92 -108
  278. data/src/core/lib/iomgr/tcp_server_posix.cc +34 -34
  279. data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
  280. data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +18 -21
  281. data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +12 -13
  282. data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +1 -1
  283. data/src/core/lib/iomgr/tcp_server_windows.cc +26 -29
  284. data/src/core/lib/iomgr/tcp_windows.cc +27 -34
  285. data/src/core/lib/iomgr/timer.h +8 -8
  286. data/src/core/lib/iomgr/timer_generic.cc +9 -15
  287. data/src/core/lib/iomgr/unix_sockets_posix.cc +2 -4
  288. data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +4 -3
  289. data/src/core/lib/iomgr/wakeup_fd_pipe.cc +10 -8
  290. data/src/core/lib/json/json_channel_args.h +42 -0
  291. data/src/core/lib/json/json_object_loader.cc +7 -2
  292. data/src/core/lib/json/json_object_loader.h +22 -0
  293. data/src/core/lib/json/json_util.cc +5 -5
  294. data/src/core/lib/json/json_util.h +4 -4
  295. data/src/core/lib/load_balancing/lb_policy.cc +1 -1
  296. data/src/core/lib/load_balancing/lb_policy.h +4 -0
  297. data/src/core/lib/load_balancing/subchannel_interface.h +0 -7
  298. data/src/core/lib/matchers/matchers.cc +3 -4
  299. data/src/core/lib/promise/activity.cc +16 -2
  300. data/src/core/lib/promise/activity.h +38 -15
  301. data/src/core/lib/promise/arena_promise.h +80 -51
  302. data/src/core/lib/promise/context.h +13 -6
  303. data/src/core/lib/promise/detail/basic_seq.h +9 -28
  304. data/src/core/lib/promise/detail/promise_factory.h +58 -10
  305. data/src/core/lib/promise/detail/status.h +28 -0
  306. data/src/core/lib/promise/detail/switch.h +1455 -0
  307. data/src/core/lib/promise/exec_ctx_wakeup_scheduler.h +3 -1
  308. data/src/core/lib/promise/for_each.h +129 -0
  309. data/src/core/lib/promise/loop.h +7 -5
  310. data/src/core/lib/promise/map_pipe.h +87 -0
  311. data/src/core/lib/promise/pipe.cc +19 -0
  312. data/src/core/lib/promise/pipe.h +505 -0
  313. data/src/core/lib/promise/poll.h +13 -0
  314. data/src/core/lib/promise/seq.h +3 -5
  315. data/src/core/lib/promise/sleep.cc +5 -4
  316. data/src/core/lib/promise/sleep.h +1 -2
  317. data/src/core/lib/promise/try_concurrently.h +341 -0
  318. data/src/core/lib/promise/try_seq.h +10 -13
  319. data/src/core/lib/resolver/server_address.cc +1 -0
  320. data/src/core/lib/resolver/server_address.h +1 -3
  321. data/src/core/lib/resource_quota/api.cc +0 -1
  322. data/src/core/lib/resource_quota/arena.cc +19 -0
  323. data/src/core/lib/resource_quota/arena.h +89 -0
  324. data/src/core/lib/resource_quota/memory_quota.cc +1 -0
  325. data/src/core/lib/security/authorization/grpc_authorization_engine.cc +1 -3
  326. data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +4 -2
  327. data/src/core/lib/security/authorization/matchers.cc +25 -22
  328. data/src/core/lib/security/authorization/rbac_policy.cc +2 -3
  329. data/src/core/lib/security/context/security_context.h +10 -0
  330. data/src/core/lib/security/credentials/channel_creds_registry_init.cc +3 -4
  331. data/src/core/lib/security/credentials/composite/composite_credentials.cc +1 -1
  332. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +77 -55
  333. data/src/core/lib/security/credentials/external/aws_request_signer.cc +4 -3
  334. data/src/core/lib/security/credentials/external/external_account_credentials.cc +40 -51
  335. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +17 -21
  336. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +21 -25
  337. data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -0
  338. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +27 -24
  339. data/src/core/lib/security/credentials/iam/iam_credentials.cc +1 -0
  340. data/src/core/lib/security/credentials/jwt/json_token.cc +1 -2
  341. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +1 -1
  342. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +5 -5
  343. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +24 -30
  344. data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +6 -5
  345. data/src/core/lib/security/credentials/plugin/plugin_credentials.h +3 -3
  346. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +19 -27
  347. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +4 -11
  348. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +29 -41
  349. data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +1 -1
  350. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +6 -11
  351. data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +8 -15
  352. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
  353. data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +2 -6
  354. data/src/core/lib/security/security_connector/load_system_roots_supported.cc +1 -4
  355. data/src/core/lib/security/security_connector/local/local_security_connector.cc +7 -11
  356. data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +9 -14
  357. data/src/core/lib/security/security_connector/ssl_utils.cc +5 -7
  358. data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +21 -27
  359. data/src/core/lib/security/transport/client_auth_filter.cc +1 -1
  360. data/src/core/lib/security/transport/secure_endpoint.cc +26 -28
  361. data/src/core/lib/security/transport/security_handshaker.cc +53 -53
  362. data/src/core/lib/security/transport/server_auth_filter.cc +21 -21
  363. data/src/core/lib/security/transport/tsi_error.cc +6 -3
  364. data/src/core/lib/security/util/json_util.cc +4 -5
  365. data/src/core/lib/service_config/service_config.h +1 -1
  366. data/src/core/lib/service_config/service_config_impl.cc +111 -158
  367. data/src/core/lib/service_config/service_config_impl.h +14 -17
  368. data/src/core/lib/service_config/service_config_parser.cc +14 -31
  369. data/src/core/lib/service_config/service_config_parser.h +14 -10
  370. data/src/core/lib/slice/b64.cc +2 -2
  371. data/src/core/lib/slice/slice.cc +7 -1
  372. data/src/core/lib/slice/slice.h +19 -6
  373. data/src/core/lib/slice/slice_buffer.cc +13 -14
  374. data/src/core/lib/slice/slice_internal.h +13 -21
  375. data/src/core/lib/slice/slice_refcount.h +34 -19
  376. data/src/core/lib/surface/byte_buffer.cc +3 -4
  377. data/src/core/lib/surface/byte_buffer_reader.cc +4 -4
  378. data/src/core/lib/surface/call.cc +1366 -239
  379. data/src/core/lib/surface/call.h +44 -0
  380. data/src/core/lib/surface/call_details.cc +3 -3
  381. data/src/core/lib/surface/call_trace.cc +113 -0
  382. data/src/core/lib/surface/call_trace.h +30 -0
  383. data/src/core/lib/surface/channel.cc +44 -49
  384. data/src/core/lib/surface/channel.h +9 -1
  385. data/src/core/lib/surface/channel_ping.cc +1 -1
  386. data/src/core/lib/surface/channel_stack_type.cc +4 -0
  387. data/src/core/lib/surface/channel_stack_type.h +2 -0
  388. data/src/core/lib/surface/completion_queue.cc +38 -52
  389. data/src/core/lib/surface/init.cc +8 -39
  390. data/src/core/lib/surface/init_internally.h +8 -0
  391. data/src/core/lib/surface/lame_client.cc +10 -8
  392. data/src/core/lib/surface/server.cc +48 -70
  393. data/src/core/lib/surface/server.h +3 -4
  394. data/src/core/lib/surface/validate_metadata.cc +11 -12
  395. data/src/core/lib/surface/version.cc +2 -2
  396. data/src/core/lib/transport/connectivity_state.cc +2 -2
  397. data/src/core/lib/transport/error_utils.cc +34 -28
  398. data/src/core/lib/transport/error_utils.h +3 -3
  399. data/src/core/lib/transport/handshaker.cc +14 -14
  400. data/src/core/lib/transport/handshaker.h +1 -1
  401. data/src/core/lib/transport/handshaker_factory.h +26 -0
  402. data/src/core/lib/transport/handshaker_registry.cc +8 -2
  403. data/src/core/lib/transport/handshaker_registry.h +3 -4
  404. data/src/core/lib/transport/http_connect_handshaker.cc +23 -24
  405. data/src/core/lib/transport/metadata_batch.h +17 -1
  406. data/src/core/lib/transport/parsed_metadata.cc +2 -6
  407. data/src/core/lib/transport/tcp_connect_handshaker.cc +15 -20
  408. data/src/core/lib/transport/transport.cc +63 -17
  409. data/src/core/lib/transport/transport.h +64 -68
  410. data/src/core/lib/transport/transport_impl.h +1 -1
  411. data/src/core/lib/transport/transport_op_string.cc +7 -6
  412. data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -10
  413. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -14
  414. data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +10 -10
  415. data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +8 -8
  416. data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +2 -1
  417. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +7 -7
  418. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +7 -6
  419. data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +1 -1
  420. data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +5 -5
  421. data/src/core/tsi/fake_transport_security.cc +3 -3
  422. data/src/core/tsi/ssl/key_logging/ssl_key_logging.cc +7 -3
  423. data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
  424. data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +6 -2
  425. data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +0 -2
  426. data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +0 -3
  427. data/src/ruby/lib/grpc/version.rb +1 -1
  428. data/src/ruby/spec/channel_spec.rb +0 -43
  429. data/src/ruby/spec/generic/active_call_spec.rb +12 -3
  430. data/third_party/abseil-cpp/absl/cleanup/cleanup.h +140 -0
  431. data/third_party/abseil-cpp/absl/cleanup/internal/cleanup.h +100 -0
  432. data/third_party/zlib/compress.c +3 -3
  433. data/third_party/zlib/crc32.c +21 -12
  434. data/third_party/zlib/deflate.c +112 -106
  435. data/third_party/zlib/deflate.h +2 -2
  436. data/third_party/zlib/gzlib.c +1 -1
  437. data/third_party/zlib/gzread.c +3 -5
  438. data/third_party/zlib/gzwrite.c +1 -1
  439. data/third_party/zlib/infback.c +10 -7
  440. data/third_party/zlib/inflate.c +5 -2
  441. data/third_party/zlib/inftrees.c +2 -2
  442. data/third_party/zlib/inftrees.h +1 -1
  443. data/third_party/zlib/trees.c +61 -62
  444. data/third_party/zlib/uncompr.c +2 -2
  445. data/third_party/zlib/zconf.h +16 -3
  446. data/third_party/zlib/zlib.h +10 -10
  447. data/third_party/zlib/zutil.c +9 -7
  448. data/third_party/zlib/zutil.h +1 -0
  449. metadata +57 -20
  450. data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +0 -188
  451. data/src/core/ext/filters/fault_injection/service_config_parser.cc +0 -187
  452. data/src/core/lib/event_engine/executor/threaded_executor.h +0 -44
  453. data/src/core/lib/gpr/murmur_hash.cc +0 -82
  454. data/src/core/lib/gpr/murmur_hash.h +0 -29
  455. data/src/core/lib/gpr/tls.h +0 -156
  456. data/src/core/lib/promise/call_push_pull.h +0 -148
  457. data/src/core/lib/slice/slice_api.cc +0 -39
  458. data/src/core/lib/slice/slice_buffer_api.cc +0 -35
  459. data/src/core/lib/slice/slice_refcount_base.h +0 -60
@@ -18,599 +18,797 @@
18
18
 
19
19
  #include "src/core/ext/filters/rbac/rbac_service_config_parser.h"
20
20
 
21
- #include <stdint.h>
22
-
21
+ #include <cstdint>
23
22
  #include <map>
24
23
  #include <string>
25
24
 
26
- #include "absl/memory/memory.h"
27
25
  #include "absl/status/status.h"
28
26
  #include "absl/status/statusor.h"
29
- #include "absl/strings/str_cat.h"
30
- #include "absl/strings/str_format.h"
31
27
  #include "absl/types/optional.h"
32
28
 
33
29
  #include "src/core/lib/channel/channel_args.h"
34
- #include "src/core/lib/iomgr/error.h"
35
- #include "src/core/lib/json/json_util.h"
30
+ #include "src/core/lib/json/json_args.h"
31
+ #include "src/core/lib/json/json_object_loader.h"
36
32
  #include "src/core/lib/matchers/matchers.h"
37
- #include "src/core/lib/transport/error_utils.h"
38
33
 
39
34
  namespace grpc_core {
40
35
 
41
36
  namespace {
42
37
 
43
- std::string ParseRegexMatcher(const Json::Object& regex_matcher_json,
44
- std::vector<grpc_error_handle>* error_list) {
45
- std::string regex;
46
- ParseJsonObjectField(regex_matcher_json, "regex", &regex, error_list);
47
- return regex;
38
+ // RbacConfig: one or more RbacPolicy structs
39
+ struct RbacConfig {
40
+ // RbacPolicy: optional Rules
41
+ struct RbacPolicy {
42
+ // Rules: an action, plus a map of policy names to Policy structs
43
+ struct Rules {
44
+ // Policy: a list of Permissions and a list of Principals
45
+ struct Policy {
46
+ // CidrRange: represents an IP range
47
+ struct CidrRange {
48
+ Rbac::CidrRange cidr_range;
49
+
50
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
51
+ void JsonPostLoad(const Json& json, const JsonArgs& args,
52
+ ValidationErrors* errors);
53
+ };
54
+
55
+ // SafeRegexMatch: a regex matcher
56
+ struct SafeRegexMatch {
57
+ std::string regex;
58
+
59
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
60
+ };
61
+
62
+ // HeaderMatch: a matcher for HTTP headers
63
+ struct HeaderMatch {
64
+ // RangeMatch: matches a range of numerical values
65
+ struct RangeMatch {
66
+ int64_t start;
67
+ int64_t end;
68
+
69
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
70
+ };
71
+
72
+ HeaderMatcher matcher;
73
+
74
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
75
+ void JsonPostLoad(const Json& json, const JsonArgs& args,
76
+ ValidationErrors* errors);
77
+ };
78
+
79
+ // StringMatch: a matcher for strings
80
+ struct StringMatch {
81
+ StringMatcher matcher;
82
+
83
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
84
+ void JsonPostLoad(const Json& json, const JsonArgs& args,
85
+ ValidationErrors* errors);
86
+ };
87
+
88
+ // PathMatch: a matcher for paths
89
+ struct PathMatch {
90
+ StringMatch path;
91
+
92
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
93
+ };
94
+
95
+ // Metadata: a matcher for Envoy metadata (not really applicable
96
+ // to gRPC; we use only the invert field for proper match semantics)
97
+ struct Metadata {
98
+ bool invert = false;
99
+
100
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
101
+ };
102
+
103
+ // Permission: a matcher for request attributes
104
+ struct Permission {
105
+ // PermissionList: a list used for "and" and "or" matchers
106
+ struct PermissionList {
107
+ std::vector<Permission> rules;
108
+
109
+ PermissionList() = default;
110
+ PermissionList(const PermissionList&) = delete;
111
+ PermissionList& operator=(const PermissionList&) = delete;
112
+ PermissionList(PermissionList&&) = default;
113
+ PermissionList& operator=(PermissionList&&) = default;
114
+
115
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
116
+ };
117
+
118
+ std::unique_ptr<Rbac::Permission> permission;
119
+
120
+ Permission() = default;
121
+ Permission(const Permission&) = delete;
122
+ Permission& operator=(const Permission&) = delete;
123
+ Permission(Permission&&) = default;
124
+ Permission& operator=(Permission&&) = default;
125
+
126
+ static std::vector<std::unique_ptr<Rbac::Permission>>
127
+ MakeRbacPermissionList(std::vector<Permission> permission_list);
128
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
129
+ void JsonPostLoad(const Json& json, const JsonArgs& args,
130
+ ValidationErrors* errors);
131
+ };
132
+
133
+ // Principal: a matcher for client identity
134
+ struct Principal {
135
+ // PrincipalList: a list used for "and" and "or" matchers
136
+ struct PrincipalList {
137
+ std::vector<Principal> ids;
138
+
139
+ PrincipalList() = default;
140
+ PrincipalList(const PrincipalList&) = delete;
141
+ PrincipalList& operator=(const PrincipalList&) = delete;
142
+ PrincipalList(PrincipalList&&) = default;
143
+ PrincipalList& operator=(PrincipalList&&) = default;
144
+
145
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
146
+ };
147
+
148
+ struct Authenticated {
149
+ absl::optional<StringMatch> principal_name;
150
+
151
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
152
+ };
153
+
154
+ std::unique_ptr<Rbac::Principal> principal;
155
+
156
+ Principal() = default;
157
+ Principal(const Principal&) = delete;
158
+ Principal& operator=(const Principal&) = delete;
159
+ Principal(Principal&&) = default;
160
+ Principal& operator=(Principal&&) = default;
161
+
162
+ static std::vector<std::unique_ptr<Rbac::Principal>>
163
+ MakeRbacPrincipalList(std::vector<Principal> principal_list);
164
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
165
+ void JsonPostLoad(const Json& json, const JsonArgs& args,
166
+ ValidationErrors* errors);
167
+ };
168
+
169
+ std::vector<Permission> permissions;
170
+ std::vector<Principal> principals;
171
+
172
+ Policy() = default;
173
+ Policy(const Policy&) = delete;
174
+ Policy& operator=(const Policy&) = delete;
175
+ Policy(Policy&&) = default;
176
+ Policy& operator=(Policy&&) = default;
177
+
178
+ Rbac::Policy TakeAsRbacPolicy();
179
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
180
+ };
181
+
182
+ int action;
183
+ std::map<std::string, Policy> policies;
184
+
185
+ Rules() = default;
186
+ Rules(const Rules&) = delete;
187
+ Rules& operator=(const Rules&) = delete;
188
+ Rules(Rules&&) = default;
189
+ Rules& operator=(Rules&&) = default;
190
+
191
+ Rbac TakeAsRbac();
192
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
193
+ void JsonPostLoad(const Json&, const JsonArgs&, ValidationErrors* errors);
194
+ };
195
+
196
+ absl::optional<Rules> rules;
197
+
198
+ Rbac TakeAsRbac();
199
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
200
+ };
201
+
202
+ std::vector<RbacPolicy> rbac_policies;
203
+
204
+ std::vector<Rbac> TakeAsRbacList();
205
+ static const JsonLoaderInterface* JsonLoader(const JsonArgs&);
206
+ };
207
+
208
+ //
209
+ // RbacConfig::RbacPolicy::Rules::Policy::CidrRange
210
+ //
211
+
212
+ const JsonLoaderInterface*
213
+ RbacConfig::RbacPolicy::Rules::Policy::CidrRange::JsonLoader(const JsonArgs&) {
214
+ // All fields handled in JsonPostLoad().
215
+ static const auto* loader = JsonObjectLoader<CidrRange>().Finish();
216
+ return loader;
48
217
  }
49
218
 
50
- absl::StatusOr<HeaderMatcher> ParseHeaderMatcher(
51
- const Json::Object& header_matcher_json,
52
- std::vector<grpc_error_handle>* error_list) {
53
- std::string name;
54
- ParseJsonObjectField(header_matcher_json, "name", &name, error_list);
55
- std::string match;
56
- HeaderMatcher::Type type = HeaderMatcher::Type();
57
- const Json::Object* inner_json;
58
- int64_t start = 0;
59
- int64_t end = 0;
60
- bool present_match = false;
61
- bool invert_match = false;
62
- ParseJsonObjectField(header_matcher_json, "invertMatch", &invert_match,
63
- error_list, /*required=*/false);
64
- if (ParseJsonObjectField(header_matcher_json, "exactMatch", &match,
65
- error_list, /*required=*/false)) {
66
- type = HeaderMatcher::Type::kExact;
67
- } else if (ParseJsonObjectField(header_matcher_json, "safeRegexMatch",
68
- &inner_json, error_list,
69
- /*required=*/false)) {
70
- type = HeaderMatcher::Type::kSafeRegex;
71
- std::vector<grpc_error_handle> safe_regex_matcher_error_list;
72
- match = ParseRegexMatcher(*inner_json, &safe_regex_matcher_error_list);
73
- if (!safe_regex_matcher_error_list.empty()) {
74
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
75
- "safeRegexMatch", &safe_regex_matcher_error_list));
76
- }
77
- } else if (ParseJsonObjectField(header_matcher_json, "rangeMatch",
78
- &inner_json, error_list,
79
- /*required=*/false)) {
80
- type = HeaderMatcher::Type::kRange;
81
- std::vector<grpc_error_handle> range_error_list;
82
- ParseJsonObjectField(*inner_json, "start", &start, &range_error_list);
83
- ParseJsonObjectField(*inner_json, "end", &end, &range_error_list);
84
- if (!range_error_list.empty()) {
85
- error_list->push_back(
86
- GRPC_ERROR_CREATE_FROM_VECTOR("rangeMatch", &range_error_list));
87
- }
88
- } else if (ParseJsonObjectField(header_matcher_json, "presentMatch",
89
- &present_match, error_list,
90
- /*required=*/false)) {
91
- type = HeaderMatcher::Type::kPresent;
92
- } else if (ParseJsonObjectField(header_matcher_json, "prefixMatch", &match,
93
- error_list, /*required=*/false)) {
94
- type = HeaderMatcher::Type::kPrefix;
95
- } else if (ParseJsonObjectField(header_matcher_json, "suffixMatch", &match,
96
- error_list, /*required=*/false)) {
97
- type = HeaderMatcher::Type::kSuffix;
98
- } else if (ParseJsonObjectField(header_matcher_json, "containsMatch", &match,
99
- error_list, /*required=*/false)) {
100
- type = HeaderMatcher::Type::kContains;
101
- } else {
102
- return absl::InvalidArgumentError("No valid matcher found");
103
- }
104
- return HeaderMatcher::Create(name, type, match, start, end, present_match,
105
- invert_match);
219
+ void RbacConfig::RbacPolicy::Rules::Policy::CidrRange::JsonPostLoad(
220
+ const Json& json, const JsonArgs& args, ValidationErrors* errors) {
221
+ auto address_prefix = LoadJsonObjectField<std::string>(
222
+ json.object_value(), args, "addressPrefix", errors);
223
+ auto prefix_len = LoadJsonObjectField<uint32_t>(json.object_value(), args,
224
+ "prefixLen", errors,
225
+ /*required=*/false);
226
+ cidr_range =
227
+ Rbac::CidrRange(address_prefix.value_or(""), prefix_len.value_or(0));
106
228
  }
107
229
 
108
- absl::StatusOr<StringMatcher> ParseStringMatcher(
109
- const Json::Object& string_matcher_json,
110
- std::vector<grpc_error_handle>* error_list) {
111
- std::string match;
112
- StringMatcher::Type type = StringMatcher::Type();
113
- const Json::Object* inner_json;
114
- bool ignore_case = false;
115
- ParseJsonObjectField(string_matcher_json, "ignoreCase", &ignore_case,
116
- error_list, /*required=*/false);
117
- if (ParseJsonObjectField(string_matcher_json, "exact", &match, error_list,
118
- /*required=*/false)) {
119
- type = StringMatcher::Type::kExact;
120
- } else if (ParseJsonObjectField(string_matcher_json, "prefix", &match,
121
- error_list, /*required=*/false)) {
122
- type = StringMatcher::Type::kPrefix;
123
- } else if (ParseJsonObjectField(string_matcher_json, "suffix", &match,
124
- error_list, /*required=*/false)) {
125
- type = StringMatcher::Type::kSuffix;
126
- } else if (ParseJsonObjectField(string_matcher_json, "safeRegex", &inner_json,
127
- error_list, /*required=*/false)) {
128
- type = StringMatcher::Type::kSafeRegex;
129
- std::vector<grpc_error_handle> safe_regex_matcher_error_list;
130
- match = ParseRegexMatcher(*inner_json, &safe_regex_matcher_error_list);
131
- if (!safe_regex_matcher_error_list.empty()) {
132
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
133
- "safeRegex", &safe_regex_matcher_error_list));
134
- }
135
- } else if (ParseJsonObjectField(string_matcher_json, "contains", &match,
136
- error_list, /*required=*/false)) {
137
- type = StringMatcher::Type::kContains;
138
- } else {
139
- return absl::InvalidArgumentError("No valid matcher found");
140
- }
141
- return StringMatcher::Create(type, match, ignore_case);
230
+ //
231
+ // RbacConfig::RbacPolicy::Rules::Policy::SafeRegexMatch
232
+ //
233
+
234
+ const JsonLoaderInterface*
235
+ RbacConfig::RbacPolicy::Rules::Policy::SafeRegexMatch::JsonLoader(
236
+ const JsonArgs&) {
237
+ static const auto* loader = JsonObjectLoader<SafeRegexMatch>()
238
+ .Field("regex", &SafeRegexMatch::regex)
239
+ .Finish();
240
+ return loader;
142
241
  }
143
242
 
144
- absl::StatusOr<StringMatcher> ParsePathMatcher(
145
- const Json::Object& path_matcher_json,
146
- std::vector<grpc_error_handle>* error_list) {
147
- const Json::Object* string_matcher_json;
148
- if (ParseJsonObjectField(path_matcher_json, "path", &string_matcher_json,
149
- error_list)) {
150
- std::vector<grpc_error_handle> sub_error_list;
151
- auto matcher = ParseStringMatcher(*string_matcher_json, &sub_error_list);
152
- if (!sub_error_list.empty()) {
153
- error_list->push_back(
154
- GRPC_ERROR_CREATE_FROM_VECTOR("path", &sub_error_list));
155
- }
156
- return matcher;
157
- }
158
- return absl::InvalidArgumentError("No path found");
243
+ //
244
+ // RbacConfig::RbacPolicy::Rules::Policy::HeaderMatch::RangeMatch
245
+ //
246
+
247
+ const JsonLoaderInterface*
248
+ RbacConfig::RbacPolicy::Rules::Policy::HeaderMatch::RangeMatch::JsonLoader(
249
+ const JsonArgs&) {
250
+ static const auto* loader = JsonObjectLoader<RangeMatch>()
251
+ .Field("start", &RangeMatch::start)
252
+ .Field("end", &RangeMatch::end)
253
+ .Finish();
254
+ return loader;
159
255
  }
160
256
 
161
- Rbac::CidrRange ParseCidrRange(const Json::Object& cidr_range_json,
162
- std::vector<grpc_error_handle>* error_list) {
163
- std::string address_prefix;
164
- ParseJsonObjectField(cidr_range_json, "addressPrefix", &address_prefix,
165
- error_list);
166
- const Json::Object* uint32_json;
167
- uint32_t prefix_len = 0; // default value
168
- if (ParseJsonObjectField(cidr_range_json, "prefixLen", &uint32_json,
169
- error_list, /*required=*/false)) {
170
- std::vector<grpc_error_handle> sub_error_list;
171
- ParseJsonObjectField(*uint32_json, "value", &prefix_len, &sub_error_list);
172
- if (!sub_error_list.empty()) {
173
- error_list->push_back(
174
- GRPC_ERROR_CREATE_FROM_VECTOR("prefixLen", &sub_error_list));
175
- }
176
- }
177
- return Rbac::CidrRange(std::move(address_prefix), prefix_len);
257
+ //
258
+ // RbacConfig::RbacPolicy::Rules::Policy::HeaderMatch
259
+ //
260
+
261
+ const JsonLoaderInterface*
262
+ RbacConfig::RbacPolicy::Rules::Policy::HeaderMatch::JsonLoader(
263
+ const JsonArgs&) {
264
+ // All fields handled in JsonPostLoad().
265
+ static const auto* loader = JsonObjectLoader<HeaderMatch>().Finish();
266
+ return loader;
178
267
  }
179
268
 
180
- Rbac::Permission ParsePermission(const Json::Object& permission_json,
181
- std::vector<grpc_error_handle>* error_list) {
182
- auto parse_permission_set = [](const Json::Object& permission_set_json,
183
- std::vector<grpc_error_handle>* error_list) {
184
- const Json::Array* rules_json;
185
- std::vector<std::unique_ptr<Rbac::Permission>> permissions;
186
- if (ParseJsonObjectField(permission_set_json, "rules", &rules_json,
187
- error_list)) {
188
- for (size_t i = 0; i < rules_json->size(); ++i) {
189
- const Json::Object* permission_json;
190
- if (!ExtractJsonType((*rules_json)[i],
191
- absl::StrFormat("rules[%d]", i).c_str(),
192
- &permission_json, error_list)) {
193
- continue;
194
- }
195
- std::vector<grpc_error_handle> permission_error_list;
196
- permissions.emplace_back(absl::make_unique<Rbac::Permission>(
197
- ParsePermission(*permission_json, &permission_error_list)));
198
- if (!permission_error_list.empty()) {
199
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
200
- absl::StrFormat("rules[%d]", i), &permission_error_list));
201
- }
202
- }
203
- }
204
- return permissions;
205
- };
206
- Rbac::Permission permission;
207
- const Json::Object* inner_json;
208
- bool any;
209
- int port;
210
- if (ParseJsonObjectField(permission_json, "andRules", &inner_json, error_list,
211
- /*required=*/false)) {
212
- std::vector<grpc_error_handle> and_rules_error_list;
213
- permission = Rbac::Permission::MakeAndPermission(
214
- parse_permission_set(*inner_json, &and_rules_error_list));
215
- if (!and_rules_error_list.empty()) {
216
- error_list->push_back(
217
- GRPC_ERROR_CREATE_FROM_VECTOR("andRules", &and_rules_error_list));
218
- }
219
- } else if (ParseJsonObjectField(permission_json, "orRules", &inner_json,
220
- error_list, /*required=*/false)) {
221
- std::vector<grpc_error_handle> or_rules_error_list;
222
- permission = Rbac::Permission::MakeOrPermission(
223
- parse_permission_set(*inner_json, &or_rules_error_list));
224
- if (!or_rules_error_list.empty()) {
225
- error_list->push_back(
226
- GRPC_ERROR_CREATE_FROM_VECTOR("orRules", &or_rules_error_list));
227
- }
228
- } else if (ParseJsonObjectField(permission_json, "any", &any, error_list,
229
- /*required=*/false) &&
230
- any) {
231
- permission = Rbac::Permission::MakeAnyPermission();
232
- } else if (ParseJsonObjectField(permission_json, "header", &inner_json,
233
- error_list,
234
- /*required=*/false)) {
235
- std::vector<grpc_error_handle> header_error_list;
236
- auto matcher = ParseHeaderMatcher(*inner_json, &header_error_list);
237
- if (matcher.ok()) {
238
- permission = Rbac::Permission::MakeHeaderPermission(*matcher);
269
+ void RbacConfig::RbacPolicy::Rules::Policy::HeaderMatch::JsonPostLoad(
270
+ const Json& json, const JsonArgs& args, ValidationErrors* errors) {
271
+ const size_t original_error_size = errors->size();
272
+ std::string name = LoadJsonObjectField<std::string>(json.object_value(), args,
273
+ "name", errors)
274
+ .value_or("");
275
+ bool invert_match = LoadJsonObjectField<bool>(json.object_value(), args,
276
+ "invertMatch", errors,
277
+ /*required=*/false)
278
+ .value_or(false);
279
+ auto set_header_matcher = [&](absl::StatusOr<HeaderMatcher> header_matcher) {
280
+ if (header_matcher.ok()) {
281
+ matcher = *header_matcher;
239
282
  } else {
240
- header_error_list.push_back(absl_status_to_grpc_error(matcher.status()));
241
- }
242
- if (!header_error_list.empty()) {
243
- error_list->push_back(
244
- GRPC_ERROR_CREATE_FROM_VECTOR("header", &header_error_list));
245
- }
246
- } else if (ParseJsonObjectField(permission_json, "urlPath", &inner_json,
247
- error_list,
248
- /*required=*/false)) {
249
- std::vector<grpc_error_handle> url_path_error_list;
250
- auto matcher = ParsePathMatcher(*inner_json, &url_path_error_list);
251
- if (matcher.ok()) {
252
- permission = Rbac::Permission::MakePathPermission(*matcher);
253
- } else {
254
- url_path_error_list.push_back(
255
- absl_status_to_grpc_error(matcher.status()));
256
- }
257
- if (!url_path_error_list.empty()) {
258
- error_list->push_back(
259
- GRPC_ERROR_CREATE_FROM_VECTOR("urlPath", &url_path_error_list));
283
+ errors->AddError(header_matcher.status().message());
260
284
  }
261
- } else if (ParseJsonObjectField(permission_json, "destinationIp", &inner_json,
262
- error_list, /*required=*/false)) {
263
- std::vector<grpc_error_handle> destination_ip_error_list;
264
- permission = Rbac::Permission::MakeDestIpPermission(
265
- ParseCidrRange(*inner_json, &destination_ip_error_list));
266
- if (!destination_ip_error_list.empty()) {
267
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
268
- "destinationIp", &destination_ip_error_list));
269
- }
270
- } else if (ParseJsonObjectField(permission_json, "destinationPort", &port,
271
- error_list, /*required=*/false)) {
272
- permission = Rbac::Permission::MakeDestPortPermission(port);
273
- } else if (ParseJsonObjectField(permission_json, "metadata", &inner_json,
274
- error_list, /*required=*/false)) {
275
- std::vector<grpc_error_handle> metadata_error_list;
276
- bool invert = false;
277
- ParseJsonObjectField(*inner_json, "invert", &invert, &metadata_error_list,
278
- /*required=*/false);
279
- if (metadata_error_list.empty()) {
280
- permission = Rbac::Permission::MakeMetadataPermission(invert);
281
- } else {
282
- error_list->push_back(
283
- GRPC_ERROR_CREATE_FROM_VECTOR("metadata", &metadata_error_list));
284
- }
285
- } else if (ParseJsonObjectField(permission_json, "notRule", &inner_json,
286
- error_list, /*required=*/false)) {
287
- std::vector<grpc_error_handle> not_rule_error_list;
288
- permission = Rbac::Permission::MakeNotPermission(
289
- ParsePermission(*inner_json, &not_rule_error_list));
290
- if (!not_rule_error_list.empty()) {
291
- error_list->push_back(
292
- GRPC_ERROR_CREATE_FROM_VECTOR("notRule", &not_rule_error_list));
293
- }
294
- } else if (ParseJsonObjectField(permission_json, "requestedServerName",
295
- &inner_json, error_list,
296
- /*required=*/false)) {
297
- std::vector<grpc_error_handle> req_server_name_error_list;
298
- auto matcher = ParseStringMatcher(*inner_json, &req_server_name_error_list);
299
- if (matcher.ok()) {
300
- permission = Rbac::Permission::MakeReqServerNamePermission(*matcher);
301
- } else {
302
- req_server_name_error_list.push_back(
303
- absl_status_to_grpc_error(matcher.status()));
304
- }
305
- if (!req_server_name_error_list.empty()) {
306
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
307
- "requestedServerName", &req_server_name_error_list));
308
- }
309
- } else {
310
- error_list->push_back(
311
- GRPC_ERROR_CREATE_FROM_STATIC_STRING("No valid rule found"));
285
+ };
286
+ auto check_match = [&](absl::string_view field_name,
287
+ HeaderMatcher::Type type) {
288
+ auto match = LoadJsonObjectField<std::string>(json.object_value(), args,
289
+ field_name, errors,
290
+ /*required=*/false);
291
+ if (match.has_value()) {
292
+ set_header_matcher(
293
+ HeaderMatcher::Create(name, type, *match, 0, 0, false, invert_match));
294
+ return true;
295
+ }
296
+ return false;
297
+ };
298
+ if (check_match("exactMatch", HeaderMatcher::Type::kExact) ||
299
+ check_match("prefixMatch", HeaderMatcher::Type::kPrefix) ||
300
+ check_match("suffixMatch", HeaderMatcher::Type::kSuffix) ||
301
+ check_match("containsMatch", HeaderMatcher::Type::kContains)) {
302
+ return;
303
+ }
304
+ auto present_match = LoadJsonObjectField<bool>(json.object_value(), args,
305
+ "presentMatch", errors,
306
+ /*required=*/false);
307
+ if (present_match.has_value()) {
308
+ set_header_matcher(
309
+ HeaderMatcher::Create(name, HeaderMatcher::Type::kPresent, "", 0, 0,
310
+ *present_match, invert_match));
311
+ return;
312
+ }
313
+ auto regex_match = LoadJsonObjectField<SafeRegexMatch>(
314
+ json.object_value(), args, "safeRegexMatch", errors,
315
+ /*required=*/false);
316
+ if (regex_match.has_value()) {
317
+ set_header_matcher(
318
+ HeaderMatcher::Create(name, HeaderMatcher::Type::kSafeRegex,
319
+ regex_match->regex, 0, 0, false, invert_match));
320
+ return;
321
+ }
322
+ auto range_match = LoadJsonObjectField<RangeMatch>(json.object_value(), args,
323
+ "rangeMatch", errors,
324
+ /*required=*/false);
325
+ if (range_match.has_value()) {
326
+ set_header_matcher(HeaderMatcher::Create(name, HeaderMatcher::Type::kRange,
327
+ "", range_match->start,
328
+ range_match->end, invert_match));
329
+ return;
330
+ }
331
+ if (errors->size() == original_error_size) {
332
+ errors->AddError("no valid matcher found");
312
333
  }
313
- return permission;
314
334
  }
315
335
 
316
- Rbac::Principal ParsePrincipal(const Json::Object& principal_json,
317
- std::vector<grpc_error_handle>* error_list) {
318
- auto parse_principal_set = [](const Json::Object& principal_set_json,
319
- std::vector<grpc_error_handle>* error_list) {
320
- const Json::Array* rules_json;
321
- std::vector<std::unique_ptr<Rbac::Principal>> principals;
322
- if (ParseJsonObjectField(principal_set_json, "ids", &rules_json,
323
- error_list)) {
324
- for (size_t i = 0; i < rules_json->size(); ++i) {
325
- const Json::Object* principal_json;
326
- if (!ExtractJsonType((*rules_json)[i],
327
- absl::StrFormat("ids[%d]", i).c_str(),
328
- &principal_json, error_list)) {
329
- continue;
330
- }
331
- std::vector<grpc_error_handle> principal_error_list;
332
- principals.emplace_back(absl::make_unique<Rbac::Principal>(
333
- ParsePrincipal(*principal_json, &principal_error_list)));
334
- if (!principal_error_list.empty()) {
335
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
336
- absl::StrFormat("ids[%d]", i), &principal_error_list));
337
- }
338
- }
339
- }
340
- return principals;
341
- };
342
- Rbac::Principal principal;
343
- const Json::Object* inner_json;
344
- bool any;
345
- if (ParseJsonObjectField(principal_json, "andIds", &inner_json, error_list,
346
- /*required=*/false)) {
347
- std::vector<grpc_error_handle> and_rules_error_list;
348
- principal = Rbac::Principal::MakeAndPrincipal(
349
- parse_principal_set(*inner_json, &and_rules_error_list));
350
- if (!and_rules_error_list.empty()) {
351
- error_list->push_back(
352
- GRPC_ERROR_CREATE_FROM_VECTOR("andIds", &and_rules_error_list));
353
- }
354
- } else if (ParseJsonObjectField(principal_json, "orIds", &inner_json,
355
- error_list, /*required=*/false)) {
356
- std::vector<grpc_error_handle> or_rules_error_list;
357
- principal = Rbac::Principal::MakeOrPrincipal(
358
- parse_principal_set(*inner_json, &or_rules_error_list));
359
- if (!or_rules_error_list.empty()) {
360
- error_list->push_back(
361
- GRPC_ERROR_CREATE_FROM_VECTOR("orIds", &or_rules_error_list));
362
- }
363
- } else if (ParseJsonObjectField(principal_json, "any", &any, error_list,
364
- /*required=*/false) &&
365
- any) {
366
- principal = Rbac::Principal::MakeAnyPrincipal();
367
- } else if (ParseJsonObjectField(principal_json, "authenticated", &inner_json,
368
- error_list, /*required=*/false)) {
369
- std::vector<grpc_error_handle> authenticated_error_list;
370
- const Json::Object* principal_name_json;
371
- if (ParseJsonObjectField(*inner_json, "principalName", &principal_name_json,
372
- &authenticated_error_list, /*required=*/false)) {
373
- std::vector<grpc_error_handle> principal_name_error_list;
374
- auto matcher =
375
- ParseStringMatcher(*principal_name_json, &principal_name_error_list);
376
- if (matcher.ok()) {
377
- principal = Rbac::Principal::MakeAuthenticatedPrincipal(*matcher);
378
- } else {
379
- principal_name_error_list.push_back(
380
- absl_status_to_grpc_error(matcher.status()));
381
- }
382
- if (!principal_name_error_list.empty()) {
383
- authenticated_error_list.push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
384
- "principalName", &principal_name_error_list));
385
- }
386
- } else if (authenticated_error_list.empty()) {
387
- // No principalName found. Match for all users.
388
- principal = Rbac::Principal::MakeAnyPrincipal();
389
- } else {
390
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
391
- "authenticated", &authenticated_error_list));
392
- }
393
- } else if (ParseJsonObjectField(principal_json, "sourceIp", &inner_json,
394
- error_list, /*required=*/false)) {
395
- std::vector<grpc_error_handle> source_ip_error_list;
396
- principal = Rbac::Principal::MakeSourceIpPrincipal(
397
- ParseCidrRange(*inner_json, &source_ip_error_list));
398
- if (!source_ip_error_list.empty()) {
399
- error_list->push_back(
400
- GRPC_ERROR_CREATE_FROM_VECTOR("sourceIp", &source_ip_error_list));
401
- }
402
- } else if (ParseJsonObjectField(principal_json, "directRemoteIp", &inner_json,
403
- error_list, /*required=*/false)) {
404
- std::vector<grpc_error_handle> direct_remote_ip_error_list;
405
- principal = Rbac::Principal::MakeDirectRemoteIpPrincipal(
406
- ParseCidrRange(*inner_json, &direct_remote_ip_error_list));
407
- if (!direct_remote_ip_error_list.empty()) {
408
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR(
409
- "directRemoteIp", &direct_remote_ip_error_list));
410
- }
411
- } else if (ParseJsonObjectField(principal_json, "remoteIp", &inner_json,
412
- error_list, /*required=*/false)) {
413
- std::vector<grpc_error_handle> remote_ip_error_list;
414
- principal = Rbac::Principal::MakeRemoteIpPrincipal(
415
- ParseCidrRange(*inner_json, &remote_ip_error_list));
416
- if (!remote_ip_error_list.empty()) {
417
- error_list->push_back(
418
- GRPC_ERROR_CREATE_FROM_VECTOR("remoteIp", &remote_ip_error_list));
419
- }
420
- } else if (ParseJsonObjectField(principal_json, "header", &inner_json,
421
- error_list,
422
- /*required=*/false)) {
423
- std::vector<grpc_error_handle> header_error_list;
424
- auto matcher = ParseHeaderMatcher(*inner_json, &header_error_list);
425
- if (matcher.ok()) {
426
- principal = Rbac::Principal::MakeHeaderPrincipal(*matcher);
427
- } else {
428
- header_error_list.push_back(absl_status_to_grpc_error(matcher.status()));
429
- }
430
- if (!header_error_list.empty()) {
431
- error_list->push_back(
432
- GRPC_ERROR_CREATE_FROM_VECTOR("header", &header_error_list));
433
- }
434
- } else if (ParseJsonObjectField(principal_json, "urlPath", &inner_json,
435
- error_list,
436
- /*required=*/false)) {
437
- std::vector<grpc_error_handle> url_path_error_list;
438
- auto matcher = ParsePathMatcher(*inner_json, &url_path_error_list);
439
- if (matcher.ok()) {
440
- principal = Rbac::Principal::MakePathPrincipal(*matcher);
441
- } else {
442
- url_path_error_list.push_back(
443
- absl_status_to_grpc_error(matcher.status()));
444
- }
445
- if (!url_path_error_list.empty()) {
446
- error_list->push_back(
447
- GRPC_ERROR_CREATE_FROM_VECTOR("urlPath", &url_path_error_list));
448
- }
449
- } else if (ParseJsonObjectField(principal_json, "metadata", &inner_json,
450
- error_list, /*required=*/false)) {
451
- std::vector<grpc_error_handle> metadata_error_list;
452
- bool invert = false;
453
- ParseJsonObjectField(*inner_json, "invert", &invert, &metadata_error_list,
454
- /*required=*/false);
455
- if (metadata_error_list.empty()) {
456
- principal = Rbac::Principal::MakeMetadataPrincipal(invert);
336
+ //
337
+ // RbacConfig::RbacPolicy::Rules::Policy::StringMatch
338
+ //
339
+
340
+ const JsonLoaderInterface*
341
+ RbacConfig::RbacPolicy::Rules::Policy::StringMatch::JsonLoader(
342
+ const JsonArgs&) {
343
+ // All fields handled in JsonPostLoad().
344
+ static const auto* loader = JsonObjectLoader<StringMatch>().Finish();
345
+ return loader;
346
+ }
347
+
348
+ void RbacConfig::RbacPolicy::Rules::Policy::StringMatch::JsonPostLoad(
349
+ const Json& json, const JsonArgs& args, ValidationErrors* errors) {
350
+ const size_t original_error_size = errors->size();
351
+ bool ignore_case =
352
+ LoadJsonObjectField<bool>(json.object_value(), args, "ignoreCase", errors,
353
+ /*required=*/false)
354
+ .value_or(false);
355
+ auto set_string_matcher = [&](absl::StatusOr<StringMatcher> string_matcher) {
356
+ if (string_matcher.ok()) {
357
+ matcher = *string_matcher;
457
358
  } else {
458
- error_list->push_back(
459
- GRPC_ERROR_CREATE_FROM_VECTOR("metadata", &metadata_error_list));
460
- }
461
- } else if (ParseJsonObjectField(principal_json, "notId", &inner_json,
462
- error_list, /*required=*/false)) {
463
- std::vector<grpc_error_handle> not_rule_error_list;
464
- principal = Rbac::Principal::MakeNotPrincipal(
465
- ParsePrincipal(*inner_json, &not_rule_error_list));
466
- if (!not_rule_error_list.empty()) {
467
- error_list->push_back(
468
- GRPC_ERROR_CREATE_FROM_VECTOR("notId", &not_rule_error_list));
359
+ errors->AddError(string_matcher.status().message());
469
360
  }
470
- } else {
471
- error_list->push_back(
472
- GRPC_ERROR_CREATE_FROM_STATIC_STRING("No valid id found"));
361
+ };
362
+ auto check_match = [&](absl::string_view field_name,
363
+ StringMatcher::Type type) {
364
+ auto match = LoadJsonObjectField<std::string>(json.object_value(), args,
365
+ field_name, errors,
366
+ /*required=*/false);
367
+ if (match.has_value()) {
368
+ set_string_matcher(StringMatcher::Create(type, *match, ignore_case));
369
+ return true;
370
+ }
371
+ return false;
372
+ };
373
+ if (check_match("exact", StringMatcher::Type::kExact) ||
374
+ check_match("prefix", StringMatcher::Type::kPrefix) ||
375
+ check_match("suffix", StringMatcher::Type::kSuffix) ||
376
+ check_match("contains", StringMatcher::Type::kContains)) {
377
+ return;
378
+ }
379
+ auto regex_match = LoadJsonObjectField<SafeRegexMatch>(
380
+ json.object_value(), args, "safeRegex", errors,
381
+ /*required=*/false);
382
+ if (regex_match.has_value()) {
383
+ set_string_matcher(StringMatcher::Create(StringMatcher::Type::kSafeRegex,
384
+ regex_match->regex, ignore_case));
385
+ return;
386
+ }
387
+ if (errors->size() == original_error_size) {
388
+ errors->AddError("no valid matcher found");
473
389
  }
474
- return principal;
475
390
  }
476
391
 
477
- Rbac::Policy ParsePolicy(const Json::Object& policy_json,
478
- std::vector<grpc_error_handle>* error_list) {
479
- Rbac::Policy policy;
480
- const Json::Array* permissions_json_array;
392
+ //
393
+ // RbacConfig::RbacPolicy::Rules::Policy::PathMatch
394
+ //
395
+
396
+ const JsonLoaderInterface*
397
+ RbacConfig::RbacPolicy::Rules::Policy::PathMatch::JsonLoader(const JsonArgs&) {
398
+ static const auto* loader =
399
+ JsonObjectLoader<PathMatch>().Field("path", &PathMatch::path).Finish();
400
+ return loader;
401
+ }
402
+
403
+ //
404
+ // RbacConfig::RbacPolicy::Rules::Policy::Metadata
405
+ //
406
+
407
+ const JsonLoaderInterface*
408
+ RbacConfig::RbacPolicy::Rules::Policy::Metadata::JsonLoader(const JsonArgs&) {
409
+ static const auto* loader = JsonObjectLoader<Metadata>()
410
+ .OptionalField("invert", &Metadata::invert)
411
+ .Finish();
412
+ return loader;
413
+ }
414
+
415
+ //
416
+ // RbacConfig::RbacPolicy::Rules::Policy::Permission::PermissionList
417
+ //
418
+
419
+ const JsonLoaderInterface*
420
+ RbacConfig::RbacPolicy::Rules::Policy::Permission::PermissionList::JsonLoader(
421
+ const JsonArgs&) {
422
+ static const auto* loader = JsonObjectLoader<PermissionList>()
423
+ .Field("rules", &PermissionList::rules)
424
+ .Finish();
425
+ return loader;
426
+ }
427
+
428
+ //
429
+ // RbacConfig::RbacPolicy::Rules::Policy::Permission
430
+ //
431
+
432
+ std::vector<std::unique_ptr<Rbac::Permission>>
433
+ RbacConfig::RbacPolicy::Rules::Policy::Permission::MakeRbacPermissionList(
434
+ std::vector<Permission> permission_list) {
481
435
  std::vector<std::unique_ptr<Rbac::Permission>> permissions;
482
- if (ParseJsonObjectField(policy_json, "permissions", &permissions_json_array,
483
- error_list)) {
484
- for (size_t i = 0; i < permissions_json_array->size(); ++i) {
485
- const Json::Object* permission_json;
486
- if (!ExtractJsonType((*permissions_json_array)[i],
487
- absl::StrFormat("permissions[%d]", i),
488
- &permission_json, error_list)) {
489
- continue;
490
- }
491
- std::vector<grpc_error_handle> permission_error_list;
492
- permissions.emplace_back(absl::make_unique<Rbac::Permission>(
493
- ParsePermission(*permission_json, &permission_error_list)));
494
- if (!permission_error_list.empty()) {
495
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
496
- absl::StrFormat("permissions[%d]", i), &permission_error_list));
497
- }
498
- }
436
+ permissions.reserve(permission_list.size());
437
+ for (auto& rule : permission_list) {
438
+ permissions.emplace_back(std::move(rule.permission));
439
+ }
440
+ return permissions;
441
+ }
442
+
443
+ const JsonLoaderInterface*
444
+ RbacConfig::RbacPolicy::Rules::Policy::Permission::JsonLoader(const JsonArgs&) {
445
+ // All fields handled in JsonPostLoad().
446
+ static const auto* loader = JsonObjectLoader<Permission>().Finish();
447
+ return loader;
448
+ }
449
+
450
+ void RbacConfig::RbacPolicy::Rules::Policy::Permission::JsonPostLoad(
451
+ const Json& json, const JsonArgs& args, ValidationErrors* errors) {
452
+ const size_t original_error_size = errors->size();
453
+ auto any = LoadJsonObjectField<bool>(json.object_value(), args, "any", errors,
454
+ /*required=*/false);
455
+ if (any.has_value()) {
456
+ permission = std::make_unique<Rbac::Permission>(
457
+ Rbac::Permission::MakeAnyPermission());
458
+ return;
459
+ }
460
+ auto header = LoadJsonObjectField<HeaderMatch>(json.object_value(), args,
461
+ "header", errors,
462
+ /*required=*/false);
463
+ if (header.has_value()) {
464
+ permission = std::make_unique<Rbac::Permission>(
465
+ Rbac::Permission::MakeHeaderPermission(std::move(header->matcher)));
466
+ return;
467
+ }
468
+ auto url_path = LoadJsonObjectField<PathMatch>(json.object_value(), args,
469
+ "urlPath", errors,
470
+ /*required=*/false);
471
+ if (url_path.has_value()) {
472
+ permission = std::make_unique<Rbac::Permission>(
473
+ Rbac::Permission::MakePathPermission(url_path->path.matcher));
474
+ return;
499
475
  }
500
- const Json::Array* principals_json_array;
476
+ auto destination_ip = LoadJsonObjectField<CidrRange>(
477
+ json.object_value(), args, "destinationIp", errors,
478
+ /*required=*/false);
479
+ if (destination_ip.has_value()) {
480
+ permission = std::make_unique<Rbac::Permission>(
481
+ Rbac::Permission::MakeDestIpPermission(
482
+ std::move(destination_ip->cidr_range)));
483
+ return;
484
+ }
485
+ auto destination_port = LoadJsonObjectField<uint32_t>(
486
+ json.object_value(), args, "destinationPort", errors,
487
+ /*required=*/false);
488
+ if (destination_port.has_value()) {
489
+ permission = std::make_unique<Rbac::Permission>(
490
+ Rbac::Permission::MakeDestPortPermission(*destination_port));
491
+ return;
492
+ }
493
+ auto metadata = LoadJsonObjectField<Metadata>(json.object_value(), args,
494
+ "metadata", errors,
495
+ /*required=*/false);
496
+ if (metadata.has_value()) {
497
+ permission = std::make_unique<Rbac::Permission>(
498
+ Rbac::Permission::MakeMetadataPermission(metadata->invert));
499
+ return;
500
+ }
501
+ auto requested_server_name = LoadJsonObjectField<StringMatch>(
502
+ json.object_value(), args, "requestedServerName", errors,
503
+ /*required=*/false);
504
+ if (requested_server_name.has_value()) {
505
+ permission = std::make_unique<Rbac::Permission>(
506
+ Rbac::Permission::MakeReqServerNamePermission(
507
+ std::move(requested_server_name->matcher)));
508
+ return;
509
+ }
510
+ auto rules = LoadJsonObjectField<PermissionList>(json.object_value(), args,
511
+ "andRules", errors,
512
+ /*required=*/false);
513
+ if (rules.has_value()) {
514
+ permission =
515
+ std::make_unique<Rbac::Permission>(Rbac::Permission::MakeAndPermission(
516
+ MakeRbacPermissionList(std::move(rules->rules))));
517
+ return;
518
+ }
519
+ rules = LoadJsonObjectField<PermissionList>(json.object_value(), args,
520
+ "orRules", errors,
521
+ /*required=*/false);
522
+ if (rules.has_value()) {
523
+ permission =
524
+ std::make_unique<Rbac::Permission>(Rbac::Permission::MakeOrPermission(
525
+ MakeRbacPermissionList(std::move(rules->rules))));
526
+ return;
527
+ }
528
+ auto not_rule = LoadJsonObjectField<Permission>(json.object_value(), args,
529
+ "notRule", errors,
530
+ /*required=*/false);
531
+ if (not_rule.has_value()) {
532
+ permission = std::make_unique<Rbac::Permission>(
533
+ Rbac::Permission::MakeNotPermission(std::move(*not_rule->permission)));
534
+ return;
535
+ }
536
+ if (errors->size() == original_error_size) {
537
+ errors->AddError("no valid rule found");
538
+ }
539
+ }
540
+
541
+ //
542
+ // RbacConfig::RbacPolicy::Rules::Policy::Principal::PrincipalList
543
+ //
544
+
545
+ const JsonLoaderInterface*
546
+ RbacConfig::RbacPolicy::Rules::Policy::Principal::PrincipalList::JsonLoader(
547
+ const JsonArgs&) {
548
+ static const auto* loader = JsonObjectLoader<PrincipalList>()
549
+ .Field("ids", &PrincipalList::ids)
550
+ .Finish();
551
+ return loader;
552
+ }
553
+
554
+ //
555
+ // RbacConfig::RbacPolicy::Rules::Policy::Principal::Authenticated
556
+ //
557
+
558
+ const JsonLoaderInterface*
559
+ RbacConfig::RbacPolicy::Rules::Policy::Principal::Authenticated::JsonLoader(
560
+ const JsonArgs&) {
561
+ static const auto* loader =
562
+ JsonObjectLoader<Authenticated>()
563
+ .OptionalField("principalName", &Authenticated::principal_name)
564
+ .Finish();
565
+ return loader;
566
+ }
567
+
568
+ //
569
+ // RbacConfig::RbacPolicy::Rules::Policy::Principal
570
+ //
571
+
572
+ std::vector<std::unique_ptr<Rbac::Principal>>
573
+ RbacConfig::RbacPolicy::Rules::Policy::Principal::MakeRbacPrincipalList(
574
+ std::vector<Principal> principal_list) {
501
575
  std::vector<std::unique_ptr<Rbac::Principal>> principals;
502
- if (ParseJsonObjectField(policy_json, "principals", &principals_json_array,
503
- error_list)) {
504
- for (size_t i = 0; i < principals_json_array->size(); ++i) {
505
- const Json::Object* principal_json;
506
- if (!ExtractJsonType((*principals_json_array)[i],
507
- absl::StrFormat("principals[%d]", i),
508
- &principal_json, error_list)) {
509
- continue;
510
- }
511
- std::vector<grpc_error_handle> principal_error_list;
512
- principals.emplace_back(absl::make_unique<Rbac::Principal>(
513
- ParsePrincipal(*principal_json, &principal_error_list)));
514
- if (!principal_error_list.empty()) {
515
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
516
- absl::StrFormat("principals[%d]", i), &principal_error_list));
517
- }
518
- }
576
+ principals.reserve(principal_list.size());
577
+ for (auto& id : principal_list) {
578
+ principals.emplace_back(std::move(id.principal));
519
579
  }
520
- policy.permissions =
521
- Rbac::Permission::MakeOrPermission(std::move(permissions));
522
- policy.principals = Rbac::Principal::MakeOrPrincipal(std::move(principals));
523
- return policy;
580
+ return principals;
524
581
  }
525
582
 
526
- Rbac ParseRbac(const Json::Object& rbac_json,
527
- std::vector<grpc_error_handle>* error_list) {
528
- Rbac rbac;
529
- const Json::Object* rules_json;
530
- if (!ParseJsonObjectField(rbac_json, "rules", &rules_json, error_list,
531
- /*required=*/false)) {
532
- // No enforcing to be applied. An empty deny policy with an empty map is
533
- // equivalent to no enforcing.
534
- return Rbac(Rbac::Action::kDeny, {});
583
+ const JsonLoaderInterface*
584
+ RbacConfig::RbacPolicy::Rules::Policy::Principal::JsonLoader(const JsonArgs&) {
585
+ // All fields handled in JsonPostLoad().
586
+ static const auto* loader = JsonObjectLoader<Principal>().Finish();
587
+ return loader;
588
+ }
589
+
590
+ void RbacConfig::RbacPolicy::Rules::Policy::Principal::JsonPostLoad(
591
+ const Json& json, const JsonArgs& args, ValidationErrors* errors) {
592
+ const size_t original_error_size = errors->size();
593
+ auto any = LoadJsonObjectField<bool>(json.object_value(), args, "any", errors,
594
+ /*required=*/false);
595
+ if (any.has_value()) {
596
+ principal =
597
+ std::make_unique<Rbac::Principal>(Rbac::Principal::MakeAnyPrincipal());
598
+ return;
535
599
  }
536
- int action;
537
- if (ParseJsonObjectField(*rules_json, "action", &action, error_list)) {
538
- if (action > 1) {
539
- error_list->push_back(
540
- GRPC_ERROR_CREATE_FROM_STATIC_STRING("Unknown action"));
600
+ auto authenticated = LoadJsonObjectField<Authenticated>(
601
+ json.object_value(), args, "authenticated", errors,
602
+ /*required=*/false);
603
+ if (authenticated.has_value()) {
604
+ if (authenticated->principal_name.has_value()) {
605
+ principal = std::make_unique<Rbac::Principal>(
606
+ Rbac::Principal::MakeAuthenticatedPrincipal(
607
+ std::move(authenticated->principal_name->matcher)));
608
+ } else {
609
+ // No principalName found. Match for all users.
610
+ principal = std::make_unique<Rbac::Principal>(
611
+ Rbac::Principal::MakeAnyPrincipal());
541
612
  }
613
+ return;
614
+ }
615
+ auto cidr_range = LoadJsonObjectField<CidrRange>(json.object_value(), args,
616
+ "sourceIp", errors,
617
+ /*required=*/false);
618
+ if (cidr_range.has_value()) {
619
+ principal = std::make_unique<Rbac::Principal>(
620
+ Rbac::Principal::MakeSourceIpPrincipal(
621
+ std::move(cidr_range->cidr_range)));
622
+ return;
623
+ }
624
+ cidr_range = LoadJsonObjectField<CidrRange>(json.object_value(), args,
625
+ "directRemoteIp", errors,
626
+ /*required=*/false);
627
+ if (cidr_range.has_value()) {
628
+ principal = std::make_unique<Rbac::Principal>(
629
+ Rbac::Principal::MakeDirectRemoteIpPrincipal(
630
+ std::move(cidr_range->cidr_range)));
631
+ return;
632
+ }
633
+ cidr_range = LoadJsonObjectField<CidrRange>(json.object_value(), args,
634
+ "remoteIp", errors,
635
+ /*required=*/false);
636
+ if (cidr_range.has_value()) {
637
+ principal = std::make_unique<Rbac::Principal>(
638
+ Rbac::Principal::MakeRemoteIpPrincipal(
639
+ std::move(cidr_range->cidr_range)));
640
+ return;
641
+ }
642
+ auto header = LoadJsonObjectField<HeaderMatch>(json.object_value(), args,
643
+ "header", errors,
644
+ /*required=*/false);
645
+ if (header.has_value()) {
646
+ principal = std::make_unique<Rbac::Principal>(
647
+ Rbac::Principal::MakeHeaderPrincipal(std::move(header->matcher)));
648
+ return;
649
+ }
650
+ auto url_path = LoadJsonObjectField<PathMatch>(json.object_value(), args,
651
+ "urlPath", errors,
652
+ /*required=*/false);
653
+ if (url_path.has_value()) {
654
+ principal = std::make_unique<Rbac::Principal>(
655
+ Rbac::Principal::MakePathPrincipal(std::move(url_path->path.matcher)));
656
+ return;
657
+ }
658
+ auto metadata = LoadJsonObjectField<Metadata>(json.object_value(), args,
659
+ "metadata", errors,
660
+ /*required=*/false);
661
+ if (metadata.has_value()) {
662
+ principal = std::make_unique<Rbac::Principal>(
663
+ Rbac::Principal::MakeMetadataPrincipal(metadata->invert));
664
+ return;
665
+ }
666
+ auto ids = LoadJsonObjectField<PrincipalList>(json.object_value(), args,
667
+ "andIds", errors,
668
+ /*required=*/false);
669
+ if (ids.has_value()) {
670
+ principal =
671
+ std::make_unique<Rbac::Principal>(Rbac::Principal::MakeAndPrincipal(
672
+ MakeRbacPrincipalList(std::move(ids->ids))));
673
+ return;
674
+ }
675
+ ids = LoadJsonObjectField<PrincipalList>(json.object_value(), args, "orIds",
676
+ errors,
677
+ /*required=*/false);
678
+ if (ids.has_value()) {
679
+ principal =
680
+ std::make_unique<Rbac::Principal>(Rbac::Principal::MakeOrPrincipal(
681
+ MakeRbacPrincipalList(std::move(ids->ids))));
682
+ return;
683
+ }
684
+ auto not_rule =
685
+ LoadJsonObjectField<Principal>(json.object_value(), args, "notId", errors,
686
+ /*required=*/false);
687
+ if (not_rule.has_value()) {
688
+ principal = std::make_unique<Rbac::Principal>(
689
+ Rbac::Principal::MakeNotPrincipal(std::move(*not_rule->principal)));
690
+ return;
542
691
  }
692
+ if (errors->size() == original_error_size) {
693
+ errors->AddError("no valid id found");
694
+ }
695
+ }
696
+
697
+ //
698
+ // RbacConfig::RbacPolicy::Rules::Policy
699
+ //
700
+
701
+ Rbac::Policy RbacConfig::RbacPolicy::Rules::Policy::TakeAsRbacPolicy() {
702
+ Rbac::Policy policy;
703
+ policy.permissions = Rbac::Permission::MakeOrPermission(
704
+ Permission::MakeRbacPermissionList(std::move(permissions)));
705
+ policy.principals = Rbac::Principal::MakeOrPrincipal(
706
+ Principal::MakeRbacPrincipalList(std::move(principals)));
707
+ return policy;
708
+ }
709
+
710
+ const JsonLoaderInterface* RbacConfig::RbacPolicy::Rules::Policy::JsonLoader(
711
+ const JsonArgs&) {
712
+ static const auto* loader = JsonObjectLoader<Policy>()
713
+ .Field("permissions", &Policy::permissions)
714
+ .Field("principals", &Policy::principals)
715
+ .Finish();
716
+ return loader;
717
+ }
718
+
719
+ //
720
+ // RbacConfig::RbacPolicy::Rules
721
+ //
722
+
723
+ Rbac RbacConfig::RbacPolicy::Rules::TakeAsRbac() {
724
+ Rbac rbac;
543
725
  rbac.action = static_cast<Rbac::Action>(action);
544
- const Json::Object* policies_json;
545
- if (ParseJsonObjectField(*rules_json, "policies", &policies_json, error_list,
546
- /*required=*/false)) {
547
- for (const auto& entry : *policies_json) {
548
- std::vector<grpc_error_handle> policy_error_list;
549
- rbac.policies.emplace(
550
- entry.first,
551
- ParsePolicy(entry.second.object_value(), &policy_error_list));
552
- if (!policy_error_list.empty()) {
553
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
554
- absl::StrFormat("policies key:'%s'", entry.first.c_str()),
555
- &policy_error_list));
556
- }
557
- }
726
+ for (auto& p : policies) {
727
+ rbac.policies.emplace(p.first, p.second.TakeAsRbacPolicy());
558
728
  }
559
729
  return rbac;
560
730
  }
561
731
 
562
- std::vector<Rbac> ParseRbacArray(const Json::Array& policies_json_array,
563
- std::vector<grpc_error_handle>* error_list) {
564
- std::vector<Rbac> policies;
565
- for (size_t i = 0; i < policies_json_array.size(); ++i) {
566
- const Json::Object* rbac_json;
567
- if (!ExtractJsonType(policies_json_array[i],
568
- absl::StrFormat("rbacPolicy[%d]", i), &rbac_json,
569
- error_list)) {
570
- continue;
571
- }
572
- std::vector<grpc_error_handle> rbac_policy_error_list;
573
- policies.emplace_back(ParseRbac(*rbac_json, &rbac_policy_error_list));
574
- if (!rbac_policy_error_list.empty()) {
575
- error_list->push_back(GRPC_ERROR_CREATE_FROM_VECTOR_AND_CPP_STRING(
576
- absl::StrFormat("rbacPolicy[%d]", i), &rbac_policy_error_list));
577
- }
732
+ const JsonLoaderInterface* RbacConfig::RbacPolicy::Rules::JsonLoader(
733
+ const JsonArgs&) {
734
+ static const auto* loader = JsonObjectLoader<Rules>()
735
+ .Field("action", &Rules::action)
736
+ .OptionalField("policies", &Rules::policies)
737
+ .Finish();
738
+ return loader;
739
+ }
740
+
741
+ void RbacConfig::RbacPolicy::Rules::JsonPostLoad(const Json&, const JsonArgs&,
742
+ ValidationErrors* errors) {
743
+ // Validate action field.
744
+ auto rbac_action = static_cast<Rbac::Action>(action);
745
+ if (rbac_action != Rbac::Action::kAllow &&
746
+ rbac_action != Rbac::Action::kDeny) {
747
+ ValidationErrors::ScopedField field(errors, ".action");
748
+ errors->AddError("unknown action");
749
+ }
750
+ }
751
+
752
+ //
753
+ // RbacConfig::RbacPolicy
754
+ //
755
+
756
+ Rbac RbacConfig::RbacPolicy::TakeAsRbac() {
757
+ if (!rules.has_value()) {
758
+ // No enforcing to be applied. An empty deny policy with an empty map
759
+ // is equivalent to no enforcing.
760
+ return Rbac(Rbac::Action::kDeny, {});
578
761
  }
579
- return policies;
762
+ return rules->TakeAsRbac();
763
+ }
764
+
765
+ const JsonLoaderInterface* RbacConfig::RbacPolicy::JsonLoader(const JsonArgs&) {
766
+ static const auto* loader = JsonObjectLoader<RbacPolicy>()
767
+ .OptionalField("rules", &RbacPolicy::rules)
768
+ .Finish();
769
+ return loader;
770
+ }
771
+
772
+ //
773
+ // RbacConfig
774
+ //
775
+
776
+ std::vector<Rbac> RbacConfig::TakeAsRbacList() {
777
+ std::vector<Rbac> rbac_list;
778
+ rbac_list.reserve(rbac_policies.size());
779
+ for (auto& rbac_policy : rbac_policies) {
780
+ rbac_list.emplace_back(rbac_policy.TakeAsRbac());
781
+ }
782
+ return rbac_list;
783
+ }
784
+
785
+ const JsonLoaderInterface* RbacConfig::JsonLoader(const JsonArgs&) {
786
+ static const auto* loader =
787
+ JsonObjectLoader<RbacConfig>()
788
+ .Field("rbacPolicy", &RbacConfig::rbac_policies)
789
+ .Finish();
790
+ return loader;
580
791
  }
581
792
 
582
793
  } // namespace
583
794
 
584
- absl::StatusOr<std::unique_ptr<ServiceConfigParser::ParsedConfig>>
795
+ std::unique_ptr<ServiceConfigParser::ParsedConfig>
585
796
  RbacServiceConfigParser::ParsePerMethodParams(const ChannelArgs& args,
586
- const Json& json) {
797
+ const Json& json,
798
+ ValidationErrors* errors) {
587
799
  // Only parse rbac policy if the channel arg is present
588
800
  if (!args.GetBool(GRPC_ARG_PARSE_RBAC_METHOD_CONFIG).value_or(false)) {
589
801
  return nullptr;
590
802
  }
591
- std::vector<Rbac> rbac_policies;
592
- std::vector<grpc_error_handle> error_list;
593
- const Json::Array* policies_json_array;
594
- if (ParseJsonObjectField(json.object_value(), "rbacPolicy",
595
- &policies_json_array, &error_list)) {
596
- rbac_policies = ParseRbacArray(*policies_json_array, &error_list);
597
- }
598
- grpc_error_handle error =
599
- GRPC_ERROR_CREATE_FROM_VECTOR("Rbac parser", &error_list);
600
- if (!GRPC_ERROR_IS_NONE(error)) {
601
- absl::Status status = absl::InvalidArgumentError(
602
- absl::StrCat("error parsing RBAC method parameters: ",
603
- grpc_error_std_string(error)));
604
- GRPC_ERROR_UNREF(error);
605
- return status;
606
- }
803
+ auto rbac_config = LoadFromJson<RbacConfig>(json, JsonArgs(), errors);
804
+ std::vector<Rbac> rbac_policies = rbac_config.TakeAsRbacList();
607
805
  if (rbac_policies.empty()) return nullptr;
608
- return absl::make_unique<RbacMethodParsedConfig>(std::move(rbac_policies));
806
+ return std::make_unique<RbacMethodParsedConfig>(std::move(rbac_policies));
609
807
  }
610
808
 
611
809
  void RbacServiceConfigParser::Register(CoreConfiguration::Builder* builder) {
612
810
  builder->service_config_parser()->RegisterParser(
613
- absl::make_unique<RbacServiceConfigParser>());
811
+ std::make_unique<RbacServiceConfigParser>());
614
812
  }
615
813
 
616
814
  size_t RbacServiceConfigParser::ParserIndex() {