grpc 1.50.0.pre1 → 1.51.0
Potentially problematic release.
This version of grpc might be problematic.
- checksums.yaml +4 -4
- data/Makefile +131 -42
- data/include/grpc/event_engine/event_engine.h +10 -3
- data/include/grpc/event_engine/slice_buffer.h +17 -0
- data/include/grpc/grpc.h +0 -10
- data/include/grpc/impl/codegen/grpc_types.h +1 -5
- data/include/grpc/impl/codegen/port_platform.h +0 -3
- data/src/core/ext/filters/channel_idle/channel_idle_filter.cc +19 -13
- data/src/core/ext/filters/channel_idle/channel_idle_filter.h +1 -0
- data/src/core/ext/filters/client_channel/backup_poller.cc +3 -3
- data/src/core/ext/filters/client_channel/channel_connectivity.cc +7 -5
- data/src/core/ext/filters/client_channel/client_channel.cc +120 -140
- data/src/core/ext/filters/client_channel/client_channel.h +3 -4
- data/src/core/ext/filters/client_channel/client_channel_channelz.cc +0 -2
- data/src/core/ext/filters/client_channel/client_channel_plugin.cc +1 -1
- data/src/core/ext/filters/client_channel/client_channel_service_config.cc +153 -0
- data/src/core/ext/filters/client_channel/{resolver_result_parsing.h → client_channel_service_config.h} +26 -23
- data/src/core/ext/filters/client_channel/connector.h +1 -1
- data/src/core/ext/filters/client_channel/dynamic_filters.cc +20 -47
- data/src/core/ext/filters/client_channel/dynamic_filters.h +7 -8
- data/src/core/ext/filters/client_channel/health/health_check_client.cc +3 -4
- data/src/core/ext/filters/client_channel/http_proxy.cc +0 -1
- data/src/core/ext/filters/client_channel/lb_policy/address_filtering.cc +3 -4
- data/src/core/ext/filters/client_channel/lb_policy/child_policy_handler.cc +5 -0
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/client_load_reporting_filter.cc +8 -7
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +35 -44
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_balancer_addresses.cc +0 -1
- data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb_client_stats.cc +1 -3
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +3 -4
- data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.h +1 -1
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +41 -29
- data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +2 -2
- data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +9 -11
- data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +15 -12
- data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +8 -10
- data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +26 -27
- data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +7 -9
- data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +44 -26
- data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +17 -27
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_attributes.cc +42 -0
- data/src/core/ext/filters/client_channel/lb_policy/xds/{xds.h → xds_attributes.h} +15 -17
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +13 -7
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +48 -47
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -126
- data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +364 -0
- data/src/core/ext/filters/client_channel/resolver/binder/binder_resolver.cc +9 -9
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/dns_resolver_ares.cc +23 -32
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_posix.cc +1 -2
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_ev_driver_windows.cc +22 -23
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +50 -52
- data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.h +1 -1
- data/src/core/ext/filters/client_channel/resolver/dns/native/dns_resolver.cc +2 -4
- data/src/core/ext/filters/client_channel/resolver/fake/fake_resolver.cc +1 -3
- data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +34 -26
- data/src/core/ext/filters/client_channel/resolver/polling_resolver.cc +3 -4
- data/src/core/ext/filters/client_channel/resolver/sockaddr/sockaddr_resolver.cc +4 -7
- data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +63 -46
- data/src/core/ext/filters/client_channel/retry_filter.cc +80 -102
- data/src/core/ext/filters/client_channel/retry_service_config.cc +192 -234
- data/src/core/ext/filters/client_channel/retry_service_config.h +20 -23
- data/src/core/ext/filters/client_channel/retry_throttle.cc +8 -8
- data/src/core/ext/filters/client_channel/retry_throttle.h +8 -7
- data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +2 -2
- data/src/core/ext/filters/client_channel/subchannel.cc +21 -25
- data/src/core/ext/filters/client_channel/subchannel.h +2 -2
- data/src/core/ext/filters/client_channel/subchannel_stream_client.cc +11 -12
- data/src/core/ext/filters/deadline/deadline_filter.cc +13 -14
- data/src/core/ext/filters/fault_injection/fault_injection_filter.cc +1 -1
- data/src/core/ext/filters/fault_injection/fault_injection_filter.h +0 -4
- data/src/core/ext/filters/fault_injection/fault_injection_service_config_parser.cc +118 -0
- data/src/core/ext/filters/fault_injection/{service_config_parser.h → fault_injection_service_config_parser.h} +20 -12
- data/src/core/ext/filters/http/client/http_client_filter.cc +16 -16
- data/src/core/ext/filters/http/client_authority_filter.cc +1 -1
- data/src/core/ext/filters/http/message_compress/message_compress_filter.cc +13 -13
- data/src/core/ext/filters/http/message_compress/message_decompress_filter.cc +34 -34
- data/src/core/ext/filters/http/server/http_server_filter.cc +26 -25
- data/src/core/ext/filters/message_size/message_size_filter.cc +86 -117
- data/src/core/ext/filters/message_size/message_size_filter.h +22 -15
- data/src/core/ext/filters/rbac/rbac_filter.cc +12 -12
- data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +728 -530
- data/src/core/ext/filters/rbac/rbac_service_config_parser.h +4 -3
- data/src/core/ext/filters/server_config_selector/server_config_selector.h +1 -1
- data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -7
- data/src/core/ext/transport/chttp2/client/chttp2_connector.cc +17 -21
- data/src/core/ext/transport/chttp2/server/chttp2_server.cc +57 -72
- data/src/core/ext/transport/chttp2/transport/bin_decoder.cc +5 -5
- data/src/core/ext/transport/chttp2/transport/bin_encoder.h +1 -1
- data/src/core/ext/transport/chttp2/transport/chttp2_transport.cc +212 -253
- data/src/core/ext/transport/chttp2/transport/flow_control.cc +42 -11
- data/src/core/ext/transport/chttp2/transport/flow_control.h +4 -3
- data/src/core/ext/transport/chttp2/transport/frame_data.cc +16 -15
- data/src/core/ext/transport/chttp2/transport/frame_data.h +1 -1
- data/src/core/ext/transport/chttp2/transport/frame_goaway.cc +13 -13
- data/src/core/ext/transport/chttp2/transport/frame_ping.cc +4 -3
- data/src/core/ext/transport/chttp2/transport/frame_rst_stream.cc +10 -7
- data/src/core/ext/transport/chttp2/transport/frame_settings.cc +15 -17
- data/src/core/ext/transport/chttp2/transport/frame_window_update.cc +5 -4
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.cc +5 -6
- data/src/core/ext/transport/chttp2/transport/hpack_encoder.h +1 -1
- data/src/core/ext/transport/chttp2/transport/hpack_encoder_table.cc +2 -1
- data/src/core/ext/transport/chttp2/transport/hpack_parser.cc +31 -39
- data/src/core/ext/transport/chttp2/transport/hpack_parser_table.cc +7 -6
- data/src/core/ext/transport/chttp2/transport/internal.h +24 -8
- data/src/core/ext/transport/chttp2/transport/parsing.cc +51 -52
- data/src/core/ext/transport/chttp2/transport/varint.cc +2 -3
- data/src/core/ext/transport/chttp2/transport/varint.h +11 -8
- data/src/core/ext/transport/chttp2/transport/writing.cc +16 -16
- data/src/core/ext/transport/inproc/inproc_transport.cc +97 -115
- data/src/core/ext/xds/certificate_provider_store.cc +4 -4
- data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +4 -7
- data/src/core/ext/xds/xds_api.cc +15 -68
- data/src/core/ext/xds/xds_api.h +3 -7
- data/src/core/ext/xds/xds_bootstrap.h +0 -1
- data/src/core/ext/xds/xds_bootstrap_grpc.cc +3 -12
- data/src/core/ext/xds/xds_bootstrap_grpc.h +16 -1
- data/src/core/ext/xds/xds_certificate_provider.cc +22 -25
- data/src/core/ext/xds/xds_channel_stack_modifier.cc +0 -1
- data/src/core/ext/xds/xds_client.cc +122 -90
- data/src/core/ext/xds/xds_client.h +7 -2
- data/src/core/ext/xds/xds_client_grpc.cc +5 -24
- data/src/core/ext/xds/xds_cluster.cc +291 -183
- data/src/core/ext/xds/xds_cluster.h +11 -15
- data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +32 -29
- data/src/core/ext/xds/xds_cluster_specifier_plugin.h +35 -16
- data/src/core/ext/xds/xds_common_types.cc +208 -141
- data/src/core/ext/xds/xds_common_types.h +19 -13
- data/src/core/ext/xds/xds_endpoint.cc +214 -129
- data/src/core/ext/xds/xds_endpoint.h +4 -7
- data/src/core/ext/xds/xds_http_fault_filter.cc +56 -43
- data/src/core/ext/xds/xds_http_fault_filter.h +13 -21
- data/src/core/ext/xds/xds_http_filters.cc +60 -73
- data/src/core/ext/xds/xds_http_filters.h +67 -19
- data/src/core/ext/xds/xds_http_rbac_filter.cc +152 -207
- data/src/core/ext/xds/xds_http_rbac_filter.h +12 -15
- data/src/core/ext/xds/xds_lb_policy_registry.cc +122 -169
- data/src/core/ext/xds/xds_lb_policy_registry.h +10 -11
- data/src/core/ext/xds/xds_listener.cc +459 -417
- data/src/core/ext/xds/xds_listener.h +43 -47
- data/src/core/ext/xds/xds_resource_type.h +3 -11
- data/src/core/ext/xds/xds_resource_type_impl.h +8 -13
- data/src/core/ext/xds/xds_route_config.cc +94 -80
- data/src/core/ext/xds/xds_route_config.h +10 -10
- data/src/core/ext/xds/xds_routing.cc +2 -1
- data/src/core/ext/xds/xds_routing.h +2 -0
- data/src/core/ext/xds/xds_server_config_fetcher.cc +109 -94
- data/src/core/ext/xds/xds_transport_grpc.cc +4 -5
- data/src/core/lib/address_utils/parse_address.cc +11 -10
- data/src/core/lib/channel/channel_args.h +16 -1
- data/src/core/lib/channel/channel_stack.cc +23 -20
- data/src/core/lib/channel/channel_stack.h +17 -4
- data/src/core/lib/channel/channel_stack_builder.cc +4 -7
- data/src/core/lib/channel/channel_stack_builder.h +14 -6
- data/src/core/lib/channel/channel_stack_builder_impl.cc +25 -7
- data/src/core/lib/channel/channel_stack_builder_impl.h +2 -0
- data/src/core/lib/channel/channel_trace.cc +4 -5
- data/src/core/lib/channel/channelz.cc +1 -1
- data/src/core/lib/channel/connected_channel.cc +695 -35
- data/src/core/lib/channel/connected_channel.h +0 -4
- data/src/core/lib/channel/promise_based_filter.cc +1004 -140
- data/src/core/lib/channel/promise_based_filter.h +364 -87
- data/src/core/lib/compression/message_compress.cc +5 -5
- data/src/core/lib/debug/event_log.cc +88 -0
- data/src/core/lib/debug/event_log.h +81 -0
- data/src/core/lib/debug/histogram_view.cc +69 -0
- data/src/core/lib/{slice/slice_refcount.cc → debug/histogram_view.h} +15 -13
- data/src/core/lib/debug/stats.cc +22 -119
- data/src/core/lib/debug/stats.h +29 -35
- data/src/core/lib/debug/stats_data.cc +224 -73
- data/src/core/lib/debug/stats_data.h +263 -122
- data/src/core/lib/event_engine/common_closures.h +71 -0
- data/src/core/lib/event_engine/default_event_engine.cc +38 -15
- data/src/core/lib/event_engine/default_event_engine.h +15 -3
- data/src/core/lib/event_engine/default_event_engine_factory.cc +2 -4
- data/src/core/lib/event_engine/memory_allocator.cc +1 -1
- data/src/core/lib/event_engine/poller.h +10 -4
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +618 -0
- data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.h +129 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.cc +901 -0
- data/src/core/lib/event_engine/posix_engine/ev_poll_posix.h +97 -0
- data/src/core/lib/event_engine/posix_engine/event_poller.h +111 -0
- data/src/core/lib/event_engine/posix_engine/event_poller_posix_default.cc +74 -0
- data/src/core/lib/event_engine/{executor/threaded_executor.cc → posix_engine/event_poller_posix_default.h} +13 -16
- data/src/core/lib/event_engine/posix_engine/internal_errqueue.cc +77 -0
- data/src/core/lib/event_engine/posix_engine/internal_errqueue.h +179 -0
- data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +267 -0
- data/src/core/lib/event_engine/posix_engine/lockfree_event.h +73 -0
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.cc +1270 -0
- data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +682 -0
- data/src/core/lib/event_engine/posix_engine/posix_engine.cc +453 -18
- data/src/core/lib/event_engine/posix_engine/posix_engine.h +148 -24
- data/src/core/lib/event_engine/posix_engine/posix_engine_closure.h +80 -0
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.cc +1081 -0
- data/src/core/lib/event_engine/posix_engine/tcp_socket_utils.h +361 -0
- data/src/core/lib/event_engine/posix_engine/timer.h +9 -8
- data/src/core/lib/event_engine/posix_engine/timer_manager.cc +57 -194
- data/src/core/lib/event_engine/posix_engine/timer_manager.h +21 -49
- data/src/core/lib/event_engine/posix_engine/traced_buffer_list.cc +301 -0
- data/src/core/lib/event_engine/posix_engine/traced_buffer_list.h +179 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.cc +126 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_eventfd.h +45 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.cc +151 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_pipe.h +45 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix.h +76 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.cc +67 -0
- data/src/core/lib/event_engine/posix_engine/wakeup_fd_posix_default.h +37 -0
- data/src/core/lib/event_engine/slice.cc +7 -6
- data/src/core/lib/event_engine/slice_buffer.cc +2 -2
- data/src/core/lib/event_engine/thread_pool.cc +106 -25
- data/src/core/lib/event_engine/thread_pool.h +32 -9
- data/src/core/lib/event_engine/windows/win_socket.cc +7 -7
- data/src/core/lib/event_engine/windows/windows_engine.cc +18 -12
- data/src/core/lib/event_engine/windows/windows_engine.h +8 -4
- data/src/core/lib/experiments/config.cc +1 -1
- data/src/core/lib/experiments/experiments.cc +13 -2
- data/src/core/lib/experiments/experiments.h +8 -1
- data/src/core/lib/gpr/cpu_linux.cc +6 -2
- data/src/core/lib/gpr/log_linux.cc +3 -4
- data/src/core/lib/gpr/string.h +1 -1
- data/src/core/lib/gpr/tmpfile_posix.cc +3 -2
- data/src/core/lib/gprpp/load_file.cc +75 -0
- data/src/core/lib/gprpp/load_file.h +33 -0
- data/src/core/lib/gprpp/per_cpu.h +46 -0
- data/src/core/lib/gprpp/stat_posix.cc +5 -4
- data/src/core/lib/gprpp/stat_windows.cc +3 -2
- data/src/core/lib/gprpp/status_helper.h +1 -3
- data/src/core/lib/gprpp/strerror.cc +41 -0
- data/src/core/{ext/xds/xds_resource_type.cc → lib/gprpp/strerror.h} +9 -13
- data/src/core/lib/gprpp/thd_windows.cc +1 -2
- data/src/core/lib/gprpp/time.cc +3 -4
- data/src/core/lib/gprpp/time.h +13 -2
- data/src/core/lib/gprpp/validation_errors.h +18 -1
- data/src/core/lib/http/httpcli.cc +40 -44
- data/src/core/lib/http/httpcli.h +6 -5
- data/src/core/lib/http/httpcli_security_connector.cc +4 -6
- data/src/core/lib/http/parser.cc +54 -65
- data/src/core/lib/iomgr/buffer_list.cc +105 -116
- data/src/core/lib/iomgr/buffer_list.h +60 -44
- data/src/core/lib/iomgr/call_combiner.cc +11 -10
- data/src/core/lib/iomgr/call_combiner.h +3 -4
- data/src/core/lib/iomgr/cfstream_handle.cc +13 -16
- data/src/core/lib/iomgr/closure.h +49 -5
- data/src/core/lib/iomgr/combiner.cc +2 -2
- data/src/core/lib/iomgr/endpoint.h +1 -1
- data/src/core/lib/iomgr/endpoint_cfstream.cc +26 -25
- data/src/core/lib/iomgr/endpoint_pair_posix.cc +2 -2
- data/src/core/lib/iomgr/error.cc +27 -42
- data/src/core/lib/iomgr/error.h +22 -152
- data/src/core/lib/iomgr/ev_apple.cc +4 -4
- data/src/core/lib/iomgr/ev_epoll1_linux.cc +26 -25
- data/src/core/lib/iomgr/ev_poll_posix.cc +27 -31
- data/src/core/lib/iomgr/exec_ctx.cc +3 -4
- data/src/core/lib/iomgr/exec_ctx.h +2 -3
- data/src/core/lib/iomgr/executor.cc +1 -2
- data/src/core/lib/iomgr/internal_errqueue.cc +3 -1
- data/src/core/lib/iomgr/iocp_windows.cc +1 -0
- data/src/core/lib/iomgr/iomgr_posix.cc +2 -2
- data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +2 -1
- data/src/core/lib/iomgr/iomgr_windows.cc +2 -1
- data/src/core/lib/iomgr/load_file.cc +5 -9
- data/src/core/lib/iomgr/lockfree_event.cc +10 -10
- data/src/core/lib/iomgr/pollset_windows.cc +4 -4
- data/src/core/lib/iomgr/python_util.h +2 -2
- data/src/core/lib/iomgr/resolve_address.cc +8 -3
- data/src/core/lib/iomgr/resolve_address.h +3 -4
- data/src/core/lib/iomgr/resolve_address_impl.h +1 -1
- data/src/core/lib/iomgr/resolve_address_posix.cc +14 -25
- data/src/core/lib/iomgr/resolve_address_posix.h +1 -2
- data/src/core/lib/iomgr/resolve_address_windows.cc +14 -17
- data/src/core/lib/iomgr/resolve_address_windows.h +1 -2
- data/src/core/lib/iomgr/socket_utils_common_posix.cc +30 -29
- data/src/core/lib/iomgr/socket_utils_posix.cc +1 -0
- data/src/core/lib/iomgr/socket_utils_posix.h +2 -2
- data/src/core/lib/iomgr/socket_windows.cc +2 -2
- data/src/core/lib/iomgr/tcp_client_cfstream.cc +6 -10
- data/src/core/lib/iomgr/tcp_client_posix.cc +31 -35
- data/src/core/lib/iomgr/tcp_client_windows.cc +8 -12
- data/src/core/lib/iomgr/tcp_posix.cc +92 -108
- data/src/core/lib/iomgr/tcp_server_posix.cc +34 -34
- data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
- data/src/core/lib/iomgr/tcp_server_utils_posix_common.cc +18 -21
- data/src/core/lib/iomgr/tcp_server_utils_posix_ifaddrs.cc +12 -13
- data/src/core/lib/iomgr/tcp_server_utils_posix_noifaddrs.cc +1 -1
- data/src/core/lib/iomgr/tcp_server_windows.cc +26 -29
- data/src/core/lib/iomgr/tcp_windows.cc +27 -34
- data/src/core/lib/iomgr/timer.h +8 -8
- data/src/core/lib/iomgr/timer_generic.cc +9 -15
- data/src/core/lib/iomgr/unix_sockets_posix.cc +2 -4
- data/src/core/lib/iomgr/wakeup_fd_eventfd.cc +4 -3
- data/src/core/lib/iomgr/wakeup_fd_pipe.cc +10 -8
- data/src/core/lib/json/json_channel_args.h +42 -0
- data/src/core/lib/json/json_object_loader.cc +7 -2
- data/src/core/lib/json/json_object_loader.h +22 -0
- data/src/core/lib/json/json_util.cc +5 -5
- data/src/core/lib/json/json_util.h +4 -4
- data/src/core/lib/load_balancing/lb_policy.cc +1 -1
- data/src/core/lib/load_balancing/lb_policy.h +4 -0
- data/src/core/lib/load_balancing/subchannel_interface.h +0 -7
- data/src/core/lib/matchers/matchers.cc +3 -4
- data/src/core/lib/promise/activity.cc +16 -2
- data/src/core/lib/promise/activity.h +38 -15
- data/src/core/lib/promise/arena_promise.h +80 -51
- data/src/core/lib/promise/context.h +13 -6
- data/src/core/lib/promise/detail/basic_seq.h +9 -28
- data/src/core/lib/promise/detail/promise_factory.h +58 -10
- data/src/core/lib/promise/detail/status.h +28 -0
- data/src/core/lib/promise/detail/switch.h +1455 -0
- data/src/core/lib/promise/exec_ctx_wakeup_scheduler.h +3 -1
- data/src/core/lib/promise/for_each.h +129 -0
- data/src/core/lib/promise/loop.h +7 -5
- data/src/core/lib/promise/map_pipe.h +87 -0
- data/src/core/lib/promise/pipe.cc +19 -0
- data/src/core/lib/promise/pipe.h +505 -0
- data/src/core/lib/promise/poll.h +13 -0
- data/src/core/lib/promise/seq.h +3 -5
- data/src/core/lib/promise/sleep.cc +5 -4
- data/src/core/lib/promise/sleep.h +1 -2
- data/src/core/lib/promise/try_concurrently.h +341 -0
- data/src/core/lib/promise/try_seq.h +10 -13
- data/src/core/lib/resolver/server_address.cc +1 -0
- data/src/core/lib/resolver/server_address.h +1 -3
- data/src/core/lib/resource_quota/api.cc +0 -1
- data/src/core/lib/resource_quota/arena.cc +19 -0
- data/src/core/lib/resource_quota/arena.h +89 -0
- data/src/core/lib/resource_quota/memory_quota.cc +1 -0
- data/src/core/lib/security/authorization/grpc_authorization_engine.cc +1 -3
- data/src/core/lib/security/authorization/grpc_server_authz_filter.cc +4 -2
- data/src/core/lib/security/authorization/matchers.cc +25 -22
- data/src/core/lib/security/authorization/rbac_policy.cc +2 -3
- data/src/core/lib/security/context/security_context.h +10 -0
- data/src/core/lib/security/credentials/channel_creds_registry_init.cc +3 -4
- data/src/core/lib/security/credentials/composite/composite_credentials.cc +1 -1
- data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +77 -55
- data/src/core/lib/security/credentials/external/aws_request_signer.cc +4 -3
- data/src/core/lib/security/credentials/external/external_account_credentials.cc +40 -51
- data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +17 -21
- data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +21 -25
- data/src/core/lib/security/credentials/fake/fake_credentials.cc +1 -0
- data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +27 -24
- data/src/core/lib/security/credentials/iam/iam_credentials.cc +1 -0
- data/src/core/lib/security/credentials/jwt/json_token.cc +1 -2
- data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +1 -1
- data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +5 -5
- data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +24 -30
- data/src/core/lib/security/credentials/plugin/plugin_credentials.cc +6 -5
- data/src/core/lib/security/credentials/plugin/plugin_credentials.h +3 -3
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.cc +19 -27
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_distributor.h +4 -11
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.cc +29 -41
- data/src/core/lib/security/credentials/tls/grpc_tls_certificate_verifier.cc +1 -1
- data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +6 -11
- data/src/core/lib/security/security_connector/fake/fake_security_connector.cc +8 -15
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.cc +2 -2
- data/src/core/lib/security/security_connector/insecure/insecure_security_connector.h +2 -6
- data/src/core/lib/security/security_connector/load_system_roots_supported.cc +1 -4
- data/src/core/lib/security/security_connector/local/local_security_connector.cc +7 -11
- data/src/core/lib/security/security_connector/ssl/ssl_security_connector.cc +9 -14
- data/src/core/lib/security/security_connector/ssl_utils.cc +5 -7
- data/src/core/lib/security/security_connector/tls/tls_security_connector.cc +21 -27
- data/src/core/lib/security/transport/client_auth_filter.cc +1 -1
- data/src/core/lib/security/transport/secure_endpoint.cc +26 -28
- data/src/core/lib/security/transport/security_handshaker.cc +53 -53
- data/src/core/lib/security/transport/server_auth_filter.cc +21 -21
- data/src/core/lib/security/transport/tsi_error.cc +6 -3
- data/src/core/lib/security/util/json_util.cc +4 -5
- data/src/core/lib/service_config/service_config.h +1 -1
- data/src/core/lib/service_config/service_config_impl.cc +111 -158
- data/src/core/lib/service_config/service_config_impl.h +14 -17
- data/src/core/lib/service_config/service_config_parser.cc +14 -31
- data/src/core/lib/service_config/service_config_parser.h +14 -10
- data/src/core/lib/slice/b64.cc +2 -2
- data/src/core/lib/slice/slice.cc +7 -1
- data/src/core/lib/slice/slice.h +19 -6
- data/src/core/lib/slice/slice_buffer.cc +13 -14
- data/src/core/lib/slice/slice_internal.h +13 -21
- data/src/core/lib/slice/slice_refcount.h +34 -19
- data/src/core/lib/surface/byte_buffer.cc +3 -4
- data/src/core/lib/surface/byte_buffer_reader.cc +4 -4
- data/src/core/lib/surface/call.cc +1366 -239
- data/src/core/lib/surface/call.h +44 -0
- data/src/core/lib/surface/call_details.cc +3 -3
- data/src/core/lib/surface/call_trace.cc +113 -0
- data/src/core/lib/surface/call_trace.h +30 -0
- data/src/core/lib/surface/channel.cc +44 -49
- data/src/core/lib/surface/channel.h +9 -1
- data/src/core/lib/surface/channel_ping.cc +1 -1
- data/src/core/lib/surface/channel_stack_type.cc +4 -0
- data/src/core/lib/surface/channel_stack_type.h +2 -0
- data/src/core/lib/surface/completion_queue.cc +38 -52
- data/src/core/lib/surface/init.cc +8 -39
- data/src/core/lib/surface/init_internally.h +8 -0
- data/src/core/lib/surface/lame_client.cc +10 -8
- data/src/core/lib/surface/server.cc +48 -70
- data/src/core/lib/surface/server.h +3 -4
- data/src/core/lib/surface/validate_metadata.cc +11 -12
- data/src/core/lib/surface/version.cc +2 -2
- data/src/core/lib/transport/connectivity_state.cc +2 -2
- data/src/core/lib/transport/error_utils.cc +34 -28
- data/src/core/lib/transport/error_utils.h +3 -3
- data/src/core/lib/transport/handshaker.cc +14 -14
- data/src/core/lib/transport/handshaker.h +1 -1
- data/src/core/lib/transport/handshaker_factory.h +26 -0
- data/src/core/lib/transport/handshaker_registry.cc +8 -2
- data/src/core/lib/transport/handshaker_registry.h +3 -4
- data/src/core/lib/transport/http_connect_handshaker.cc +23 -24
- data/src/core/lib/transport/metadata_batch.h +17 -1
- data/src/core/lib/transport/parsed_metadata.cc +2 -6
- data/src/core/lib/transport/tcp_connect_handshaker.cc +15 -20
- data/src/core/lib/transport/transport.cc +63 -17
- data/src/core/lib/transport/transport.h +64 -68
- data/src/core/lib/transport/transport_impl.h +1 -1
- data/src/core/lib/transport/transport_op_string.cc +7 -6
- data/src/core/plugin_registry/grpc_plugin_registry.cc +6 -10
- data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -14
- data/src/core/tsi/alts/handshaker/alts_handshaker_client.cc +10 -10
- data/src/core/tsi/alts/handshaker/alts_tsi_handshaker.cc +8 -8
- data/src/core/tsi/alts/handshaker/alts_tsi_utils.cc +2 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_integrity_only_record_protocol.cc +7 -7
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_privacy_integrity_record_protocol.cc +7 -6
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_grpc_record_protocol_common.cc +1 -1
- data/src/core/tsi/alts/zero_copy_frame_protector/alts_zero_copy_grpc_protector.cc +5 -5
- data/src/core/tsi/fake_transport_security.cc +3 -3
- data/src/core/tsi/ssl/key_logging/ssl_key_logging.cc +7 -3
- data/src/core/tsi/ssl/session_cache/ssl_session_boringssl.cc +1 -1
- data/src/core/tsi/ssl/session_cache/ssl_session_openssl.cc +6 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.c +0 -2
- data/src/ruby/ext/grpc/rb_grpc_imports.generated.h +0 -3
- data/src/ruby/lib/grpc/version.rb +1 -1
- data/src/ruby/spec/channel_spec.rb +0 -43
- data/src/ruby/spec/generic/active_call_spec.rb +12 -3
- data/third_party/abseil-cpp/absl/cleanup/cleanup.h +140 -0
- data/third_party/abseil-cpp/absl/cleanup/internal/cleanup.h +100 -0
- data/third_party/zlib/compress.c +3 -3
- data/third_party/zlib/crc32.c +21 -12
- data/third_party/zlib/deflate.c +112 -106
- data/third_party/zlib/deflate.h +2 -2
- data/third_party/zlib/gzlib.c +1 -1
- data/third_party/zlib/gzread.c +3 -5
- data/third_party/zlib/gzwrite.c +1 -1
- data/third_party/zlib/infback.c +10 -7
- data/third_party/zlib/inflate.c +5 -2
- data/third_party/zlib/inftrees.c +2 -2
- data/third_party/zlib/inftrees.h +1 -1
- data/third_party/zlib/trees.c +61 -62
- data/third_party/zlib/uncompr.c +2 -2
- data/third_party/zlib/zconf.h +16 -3
- data/third_party/zlib/zlib.h +10 -10
- data/third_party/zlib/zutil.c +9 -7
- data/third_party/zlib/zutil.h +1 -0
- metadata +57 -20
- data/src/core/ext/filters/client_channel/resolver_result_parsing.cc +0 -188
- data/src/core/ext/filters/fault_injection/service_config_parser.cc +0 -187
- data/src/core/lib/event_engine/executor/threaded_executor.h +0 -44
- data/src/core/lib/gpr/murmur_hash.cc +0 -82
- data/src/core/lib/gpr/murmur_hash.h +0 -29
- data/src/core/lib/gpr/tls.h +0 -156
- data/src/core/lib/promise/call_push_pull.h +0 -148
- data/src/core/lib/slice/slice_api.cc +0 -39
- data/src/core/lib/slice/slice_buffer_api.cc +0 -35
- data/src/core/lib/slice/slice_refcount_base.h +0 -60
@@ -25,13 +25,11 @@
|
|
25
25
|
#include <map>
|
26
26
|
#include <string>
|
27
27
|
#include <utility>
|
28
|
-
#include <vector>
|
29
28
|
|
30
|
-
#include "absl/status/status.h"
|
31
29
|
#include "absl/strings/match.h"
|
32
30
|
#include "absl/strings/str_cat.h"
|
33
|
-
#include "absl/strings/str_join.h"
|
34
31
|
#include "absl/strings/string_view.h"
|
32
|
+
#include "absl/types/variant.h"
|
35
33
|
#include "envoy/config/core/v3/address.upb.h"
|
36
34
|
#include "envoy/config/rbac/v3/rbac.upb.h"
|
37
35
|
#include "envoy/config/route/v3/route_components.upb.h"
|
@@ -43,6 +41,7 @@
|
|
43
41
|
#include "envoy/type/matcher/v3/string.upb.h"
|
44
42
|
#include "envoy/type/v3/range.upb.h"
|
45
43
|
#include "google/protobuf/wrappers.upb.h"
|
44
|
+
#include "upb/upb.h"
|
46
45
|
|
47
46
|
#include "src/core/ext/filters/rbac/rbac_filter.h"
|
48
47
|
#include "src/core/ext/filters/rbac/rbac_service_config_parser.h"
|
@@ -52,12 +51,6 @@
|
|
52
51
|
|
53
52
|
namespace grpc_core {
|
54
53
|
|
55
|
-
const char* kXdsHttpRbacFilterConfigName =
|
56
|
-
"envoy.extensions.filters.http.rbac.v3.RBAC";
|
57
|
-
|
58
|
-
const char* kXdsHttpRbacFilterConfigOverrideName =
|
59
|
-
"envoy.extensions.filters.http.rbac.v3.RBACPerRoute";
|
60
|
-
|
61
54
|
namespace {
|
62
55
|
|
63
56
|
Json ParseRegexMatcherToJson(
|
@@ -72,18 +65,20 @@ Json ParseInt64RangeToJson(const envoy_type_v3_Int64Range* range) {
|
|
72
65
|
{"end", envoy_type_v3_Int64Range_end(range)}};
|
73
66
|
}
|
74
67
|
|
75
|
-
|
76
|
-
|
68
|
+
Json ParseHeaderMatcherToJson(const envoy_config_route_v3_HeaderMatcher* header,
|
69
|
+
ValidationErrors* errors) {
|
77
70
|
Json::Object header_json;
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
71
|
+
{
|
72
|
+
ValidationErrors::ScopedField field(errors, ".name");
|
73
|
+
std::string name =
|
74
|
+
UpbStringToStdString(envoy_config_route_v3_HeaderMatcher_name(header));
|
75
|
+
if (name == ":scheme") {
|
76
|
+
errors->AddError("':scheme' not allowed in header");
|
77
|
+
} else if (absl::StartsWith(name, "grpc-")) {
|
78
|
+
errors->AddError("'grpc-' prefixes not allowed in header");
|
79
|
+
}
|
80
|
+
header_json.emplace("name", std::move(name));
|
85
81
|
}
|
86
|
-
header_json.emplace("name", std::move(name));
|
87
82
|
if (envoy_config_route_v3_HeaderMatcher_has_exact_match(header)) {
|
88
83
|
header_json.emplace(
|
89
84
|
"exactMatch",
|
@@ -119,19 +114,16 @@ absl::StatusOr<Json> ParseHeaderMatcherToJson(
|
|
119
114
|
UpbStringToStdString(
|
120
115
|
envoy_config_route_v3_HeaderMatcher_contains_match(header)));
|
121
116
|
} else {
|
122
|
-
errors
|
123
|
-
}
|
124
|
-
if (!errors.empty()) {
|
125
|
-
return absl::InvalidArgumentError(absl::StrCat(
|
126
|
-
"errors parsing HeaderMatcher: [", absl::StrJoin(errors, "; "), "]"));
|
117
|
+
errors->AddError("invalid route header matcher specified");
|
127
118
|
}
|
128
119
|
header_json.emplace("invertMatch",
|
129
120
|
envoy_config_route_v3_HeaderMatcher_invert_match(header));
|
130
121
|
return header_json;
|
131
122
|
}
|
132
123
|
|
133
|
-
|
134
|
-
const envoy_type_matcher_v3_StringMatcher* matcher
|
124
|
+
Json ParseStringMatcherToJson(
|
125
|
+
const envoy_type_matcher_v3_StringMatcher* matcher,
|
126
|
+
ValidationErrors* errors) {
|
135
127
|
Json::Object json;
|
136
128
|
if (envoy_type_matcher_v3_StringMatcher_has_exact(matcher)) {
|
137
129
|
json.emplace("exact",
|
@@ -154,30 +146,23 @@ absl::StatusOr<Json> ParseStringMatcherToJson(
|
|
154
146
|
UpbStringToStdString(
|
155
147
|
envoy_type_matcher_v3_StringMatcher_contains(matcher)));
|
156
148
|
} else {
|
157
|
-
|
149
|
+
errors->AddError("invalid match pattern");
|
158
150
|
}
|
159
151
|
json.emplace("ignoreCase",
|
160
152
|
envoy_type_matcher_v3_StringMatcher_ignore_case(matcher));
|
161
153
|
return json;
|
162
154
|
}
|
163
155
|
|
164
|
-
|
165
|
-
|
156
|
+
Json ParsePathMatcherToJson(const envoy_type_matcher_v3_PathMatcher* matcher,
|
157
|
+
ValidationErrors* errors) {
|
158
|
+
ValidationErrors::ScopedField field(errors, ".path");
|
166
159
|
const auto* path = envoy_type_matcher_v3_PathMatcher_path(matcher);
|
167
160
|
if (path == nullptr) {
|
168
|
-
|
169
|
-
|
170
|
-
Json::Object json;
|
171
|
-
auto path_json = ParseStringMatcherToJson(path);
|
172
|
-
if (!path_json.ok()) {
|
173
|
-
return path_json;
|
161
|
+
errors->AddError("field not present");
|
162
|
+
return Json();
|
174
163
|
}
|
175
|
-
|
176
|
-
return
|
177
|
-
}
|
178
|
-
|
179
|
-
Json ParseUInt32ValueToJson(const google_protobuf_UInt32Value* value) {
|
180
|
-
return Json::Object{{"value", google_protobuf_UInt32Value_value(value)}};
|
164
|
+
Json path_json = ParseStringMatcherToJson(path, errors);
|
165
|
+
return Json::Object{{"path", std::move(path_json)}};
|
181
166
|
}
|
182
167
|
|
183
168
|
Json ParseCidrRangeToJson(const envoy_config_core_v3_CidrRange* range) {
|
@@ -187,7 +172,7 @@ Json ParseCidrRangeToJson(const envoy_config_core_v3_CidrRange* range) {
|
|
187
172
|
envoy_config_core_v3_CidrRange_address_prefix(range)));
|
188
173
|
const auto* prefix_len = envoy_config_core_v3_CidrRange_prefix_len(range);
|
189
174
|
if (prefix_len != nullptr) {
|
190
|
-
json.emplace("prefixLen",
|
175
|
+
json.emplace("prefixLen", google_protobuf_UInt32Value_value(prefix_len));
|
191
176
|
}
|
192
177
|
return json;
|
193
178
|
}
|
@@ -203,65 +188,49 @@ Json ParseMetadataMatcherToJson(
|
|
203
188
|
return json;
|
204
189
|
}
|
205
190
|
|
206
|
-
|
207
|
-
|
191
|
+
Json ParsePermissionToJson(const envoy_config_rbac_v3_Permission* permission,
|
192
|
+
ValidationErrors* errors) {
|
208
193
|
Json::Object permission_json;
|
209
194
|
// Helper function to parse Permission::Set to JSON. Used by `and_rules` and
|
210
195
|
// `or_rules`.
|
211
196
|
auto parse_permission_set_to_json =
|
212
|
-
[](const envoy_config_rbac_v3_Permission_Set* set)
|
213
|
-
-> absl::StatusOr<Json> {
|
214
|
-
std::vector<std::string> errors;
|
197
|
+
[errors](const envoy_config_rbac_v3_Permission_Set* set) -> Json {
|
215
198
|
Json::Array rules_json;
|
216
199
|
size_t size;
|
217
200
|
const envoy_config_rbac_v3_Permission* const* rules =
|
218
201
|
envoy_config_rbac_v3_Permission_Set_rules(set, &size);
|
219
202
|
for (size_t i = 0; i < size; ++i) {
|
220
|
-
|
221
|
-
|
222
|
-
|
223
|
-
|
224
|
-
rules_json.emplace_back(std::move(*permission_json));
|
225
|
-
}
|
226
|
-
}
|
227
|
-
if (!errors.empty()) {
|
228
|
-
return absl::InvalidArgumentError(absl::StrCat(
|
229
|
-
"errors parsing Set: [", absl::StrJoin(errors, "; "), "]"));
|
203
|
+
ValidationErrors::ScopedField field(errors,
|
204
|
+
absl::StrCat(".rules[", i, "]"));
|
205
|
+
Json permission_json = ParsePermissionToJson(rules[i], errors);
|
206
|
+
rules_json.emplace_back(std::move(permission_json));
|
230
207
|
}
|
231
208
|
return Json::Object({{"rules", std::move(rules_json)}});
|
232
209
|
};
|
233
210
|
if (envoy_config_rbac_v3_Permission_has_and_rules(permission)) {
|
211
|
+
ValidationErrors::ScopedField field(errors, ".and_permission");
|
234
212
|
const auto* and_rules =
|
235
213
|
envoy_config_rbac_v3_Permission_and_rules(permission);
|
236
|
-
|
237
|
-
|
238
|
-
return permission_set_json;
|
239
|
-
}
|
240
|
-
permission_json.emplace("andRules", std::move(*permission_set_json));
|
214
|
+
Json permission_set_json = parse_permission_set_to_json(and_rules);
|
215
|
+
permission_json.emplace("andRules", std::move(permission_set_json));
|
241
216
|
} else if (envoy_config_rbac_v3_Permission_has_or_rules(permission)) {
|
217
|
+
ValidationErrors::ScopedField field(errors, ".or_permission");
|
242
218
|
const auto* or_rules = envoy_config_rbac_v3_Permission_or_rules(permission);
|
243
|
-
|
244
|
-
|
245
|
-
return permission_set_json;
|
246
|
-
}
|
247
|
-
permission_json.emplace("orRules", std::move(*permission_set_json));
|
219
|
+
Json permission_set_json = parse_permission_set_to_json(or_rules);
|
220
|
+
permission_json.emplace("orRules", std::move(permission_set_json));
|
248
221
|
} else if (envoy_config_rbac_v3_Permission_has_any(permission)) {
|
249
222
|
permission_json.emplace("any",
|
250
223
|
envoy_config_rbac_v3_Permission_any(permission));
|
251
224
|
} else if (envoy_config_rbac_v3_Permission_has_header(permission)) {
|
252
|
-
|
253
|
-
|
254
|
-
|
255
|
-
|
256
|
-
}
|
257
|
-
permission_json.emplace("header", std::move(*header_json));
|
225
|
+
ValidationErrors::ScopedField field(errors, ".header");
|
226
|
+
Json header_json = ParseHeaderMatcherToJson(
|
227
|
+
envoy_config_rbac_v3_Permission_header(permission), errors);
|
228
|
+
permission_json.emplace("header", std::move(header_json));
|
258
229
|
} else if (envoy_config_rbac_v3_Permission_has_url_path(permission)) {
|
259
|
-
|
260
|
-
|
261
|
-
|
262
|
-
|
263
|
-
}
|
264
|
-
permission_json.emplace("urlPath", std::move(*url_path_json));
|
230
|
+
ValidationErrors::ScopedField field(errors, ".url_path");
|
231
|
+
Json url_path_json = ParsePathMatcherToJson(
|
232
|
+
envoy_config_rbac_v3_Permission_url_path(permission), errors);
|
233
|
+
permission_json.emplace("urlPath", std::move(url_path_json));
|
265
234
|
} else if (envoy_config_rbac_v3_Permission_has_destination_ip(permission)) {
|
266
235
|
permission_json.emplace(
|
267
236
|
"destinationIp",
|
@@ -276,69 +245,53 @@ absl::StatusOr<Json> ParsePermissionToJson(
|
|
276
245
|
"metadata", ParseMetadataMatcherToJson(
|
277
246
|
envoy_config_rbac_v3_Permission_metadata(permission)));
|
278
247
|
} else if (envoy_config_rbac_v3_Permission_has_not_rule(permission)) {
|
279
|
-
|
280
|
-
|
281
|
-
|
282
|
-
|
283
|
-
}
|
284
|
-
permission_json.emplace("notRule", std::move(*not_rule_json));
|
248
|
+
ValidationErrors::ScopedField field(errors, ".not_rule");
|
249
|
+
Json not_rule_json = ParsePermissionToJson(
|
250
|
+
envoy_config_rbac_v3_Permission_not_rule(permission), errors);
|
251
|
+
permission_json.emplace("notRule", std::move(not_rule_json));
|
285
252
|
} else if (envoy_config_rbac_v3_Permission_has_requested_server_name(
|
286
253
|
permission)) {
|
287
|
-
|
288
|
-
|
289
|
-
|
290
|
-
|
291
|
-
}
|
254
|
+
ValidationErrors::ScopedField field(errors, ".requested_server_name");
|
255
|
+
Json requested_server_name_json = ParseStringMatcherToJson(
|
256
|
+
envoy_config_rbac_v3_Permission_requested_server_name(permission),
|
257
|
+
errors);
|
292
258
|
permission_json.emplace("requestedServerName",
|
293
|
-
std::move(
|
259
|
+
std::move(requested_server_name_json));
|
294
260
|
} else {
|
295
|
-
|
261
|
+
errors->AddError("invalid rule");
|
296
262
|
}
|
297
263
|
return permission_json;
|
298
264
|
}
|
299
265
|
|
300
|
-
|
301
|
-
|
266
|
+
Json ParsePrincipalToJson(const envoy_config_rbac_v3_Principal* principal,
|
267
|
+
ValidationErrors* errors) {
|
302
268
|
Json::Object principal_json;
|
303
269
|
// Helper function to parse Principal::Set to JSON. Used by `and_ids` and
|
304
270
|
// `or_ids`.
|
305
271
|
auto parse_principal_set_to_json =
|
306
|
-
[](const envoy_config_rbac_v3_Principal_Set* set)
|
307
|
-
-> absl::StatusOr<Json> {
|
308
|
-
Json::Object json;
|
309
|
-
std::vector<std::string> errors;
|
272
|
+
[errors](const envoy_config_rbac_v3_Principal_Set* set) -> Json {
|
310
273
|
Json::Array ids_json;
|
311
274
|
size_t size;
|
312
275
|
const envoy_config_rbac_v3_Principal* const* ids =
|
313
276
|
envoy_config_rbac_v3_Principal_Set_ids(set, &size);
|
314
277
|
for (size_t i = 0; i < size; ++i) {
|
315
|
-
|
316
|
-
|
317
|
-
|
318
|
-
|
319
|
-
ids_json.emplace_back(std::move(*principal_json));
|
320
|
-
}
|
321
|
-
}
|
322
|
-
if (!errors.empty()) {
|
323
|
-
return absl::InvalidArgumentError(absl::StrCat(
|
324
|
-
"errors parsing Set: [", absl::StrJoin(errors, "; "), "]"));
|
278
|
+
ValidationErrors::ScopedField field(errors,
|
279
|
+
absl::StrCat(".ids[", i, "]"));
|
280
|
+
Json principal_json = ParsePrincipalToJson(ids[i], errors);
|
281
|
+
ids_json.emplace_back(std::move(principal_json));
|
325
282
|
}
|
326
283
|
return Json::Object({{"ids", std::move(ids_json)}});
|
327
284
|
};
|
328
285
|
if (envoy_config_rbac_v3_Principal_has_and_ids(principal)) {
|
286
|
+
ValidationErrors::ScopedField field(errors, ".and_ids");
|
329
287
|
const auto* and_rules = envoy_config_rbac_v3_Principal_and_ids(principal);
|
330
|
-
|
331
|
-
|
332
|
-
return principal_set_json;
|
333
|
-
}
|
334
|
-
principal_json.emplace("andIds", std::move(*principal_set_json));
|
288
|
+
Json principal_set_json = parse_principal_set_to_json(and_rules);
|
289
|
+
principal_json.emplace("andIds", std::move(principal_set_json));
|
335
290
|
} else if (envoy_config_rbac_v3_Principal_has_or_ids(principal)) {
|
291
|
+
ValidationErrors::ScopedField field(errors, ".or_ids");
|
336
292
|
const auto* or_rules = envoy_config_rbac_v3_Principal_or_ids(principal);
|
337
|
-
|
338
|
-
|
339
|
-
return principal_set_json;
|
340
|
-
}
|
341
|
-
principal_json.emplace("orIds", std::move(*principal_set_json));
|
293
|
+
Json principal_set_json = parse_principal_set_to_json(or_rules);
|
294
|
+
principal_json.emplace("orIds", std::move(principal_set_json));
|
342
295
|
} else if (envoy_config_rbac_v3_Principal_has_any(principal)) {
|
343
296
|
principal_json.emplace("any",
|
344
297
|
envoy_config_rbac_v3_Principal_any(principal));
|
@@ -350,12 +303,12 @@ absl::StatusOr<Json> ParsePrincipalToJson(
|
|
350
303
|
envoy_config_rbac_v3_Principal_Authenticated_principal_name(
|
351
304
|
envoy_config_rbac_v3_Principal_authenticated(principal));
|
352
305
|
if (principal_name != nullptr) {
|
353
|
-
|
354
|
-
|
355
|
-
|
356
|
-
|
306
|
+
ValidationErrors::ScopedField field(errors,
|
307
|
+
".authenticated.principal_name");
|
308
|
+
Json principal_name_json =
|
309
|
+
ParseStringMatcherToJson(principal_name, errors);
|
357
310
|
authenticated_json->emplace("principalName",
|
358
|
-
std::move(
|
311
|
+
std::move(principal_name_json));
|
359
312
|
}
|
360
313
|
} else if (envoy_config_rbac_v3_Principal_has_source_ip(principal)) {
|
361
314
|
principal_json.emplace(
|
@@ -371,84 +324,71 @@ absl::StatusOr<Json> ParsePrincipalToJson(
|
|
371
324
|
"remoteIp", ParseCidrRangeToJson(
|
372
325
|
envoy_config_rbac_v3_Principal_remote_ip(principal)));
|
373
326
|
} else if (envoy_config_rbac_v3_Principal_has_header(principal)) {
|
374
|
-
|
375
|
-
|
376
|
-
|
377
|
-
|
378
|
-
}
|
379
|
-
principal_json.emplace("header", std::move(*header_json));
|
327
|
+
ValidationErrors::ScopedField field(errors, ".header");
|
328
|
+
Json header_json = ParseHeaderMatcherToJson(
|
329
|
+
envoy_config_rbac_v3_Principal_header(principal), errors);
|
330
|
+
principal_json.emplace("header", std::move(header_json));
|
380
331
|
} else if (envoy_config_rbac_v3_Principal_has_url_path(principal)) {
|
381
|
-
|
382
|
-
|
383
|
-
|
384
|
-
|
385
|
-
}
|
386
|
-
principal_json.emplace("urlPath", std::move(*url_path_json));
|
332
|
+
ValidationErrors::ScopedField field(errors, ".url_path");
|
333
|
+
Json url_path_json = ParsePathMatcherToJson(
|
334
|
+
envoy_config_rbac_v3_Principal_url_path(principal), errors);
|
335
|
+
principal_json.emplace("urlPath", std::move(url_path_json));
|
387
336
|
} else if (envoy_config_rbac_v3_Principal_has_metadata(principal)) {
|
388
337
|
principal_json.emplace(
|
389
338
|
"metadata", ParseMetadataMatcherToJson(
|
390
339
|
envoy_config_rbac_v3_Principal_metadata(principal)));
|
391
340
|
} else if (envoy_config_rbac_v3_Principal_has_not_id(principal)) {
|
392
|
-
|
393
|
-
|
394
|
-
|
395
|
-
|
396
|
-
}
|
397
|
-
principal_json.emplace("notId", std::move(*not_id_json));
|
341
|
+
ValidationErrors::ScopedField field(errors, ".not_id");
|
342
|
+
Json not_id_json = ParsePrincipalToJson(
|
343
|
+
envoy_config_rbac_v3_Principal_not_id(principal), errors);
|
344
|
+
principal_json.emplace("notId", std::move(not_id_json));
|
398
345
|
} else {
|
399
|
-
|
346
|
+
errors->AddError("invalid rule");
|
400
347
|
}
|
401
348
|
return principal_json;
|
402
349
|
}
|
403
350
|
|
404
|
-
|
405
|
-
|
351
|
+
Json ParsePolicyToJson(const envoy_config_rbac_v3_Policy* policy,
|
352
|
+
ValidationErrors* errors) {
|
406
353
|
Json::Object policy_json;
|
407
|
-
std::vector<std::string> errors;
|
408
354
|
size_t size;
|
409
355
|
Json::Array permissions_json;
|
410
356
|
const envoy_config_rbac_v3_Permission* const* permissions =
|
411
357
|
envoy_config_rbac_v3_Policy_permissions(policy, &size);
|
412
358
|
for (size_t i = 0; i < size; ++i) {
|
413
|
-
|
414
|
-
|
415
|
-
|
416
|
-
|
417
|
-
permissions_json.emplace_back(std::move(*permission_json));
|
418
|
-
}
|
359
|
+
ValidationErrors::ScopedField field(errors,
|
360
|
+
absl::StrCat(".permissions[", i, "]"));
|
361
|
+
Json permission_json = ParsePermissionToJson(permissions[i], errors);
|
362
|
+
permissions_json.emplace_back(std::move(permission_json));
|
419
363
|
}
|
420
364
|
policy_json.emplace("permissions", std::move(permissions_json));
|
421
365
|
Json::Array principals_json;
|
422
366
|
const envoy_config_rbac_v3_Principal* const* principals =
|
423
367
|
envoy_config_rbac_v3_Policy_principals(policy, &size);
|
424
368
|
for (size_t i = 0; i < size; ++i) {
|
425
|
-
|
426
|
-
|
427
|
-
|
428
|
-
|
429
|
-
principals_json.emplace_back(std::move(*principal_json));
|
430
|
-
}
|
369
|
+
ValidationErrors::ScopedField field(errors,
|
370
|
+
absl::StrCat(".principals[", i, "]"));
|
371
|
+
Json principal_json = ParsePrincipalToJson(principals[i], errors);
|
372
|
+
principals_json.emplace_back(std::move(principal_json));
|
431
373
|
}
|
432
374
|
policy_json.emplace("principals", std::move(principals_json));
|
433
375
|
if (envoy_config_rbac_v3_Policy_has_condition(policy)) {
|
434
|
-
errors.
|
376
|
+
ValidationErrors::ScopedField field(errors, ".condition");
|
377
|
+
errors->AddError("condition not supported");
|
435
378
|
}
|
436
379
|
if (envoy_config_rbac_v3_Policy_has_checked_condition(policy)) {
|
437
|
-
errors.
|
438
|
-
|
439
|
-
if (!errors.empty()) {
|
440
|
-
return absl::InvalidArgumentError(absl::StrCat(
|
441
|
-
"errors parsing Policy: [", absl::StrJoin(errors, "; "), "]"));
|
380
|
+
ValidationErrors::ScopedField field(errors, ".checked_condition");
|
381
|
+
errors->AddError("checked condition not supported");
|
442
382
|
}
|
443
383
|
return policy_json;
|
444
384
|
}
|
445
385
|
|
446
|
-
|
447
|
-
|
386
|
+
Json ParseHttpRbacToJson(const envoy_extensions_filters_http_rbac_v3_RBAC* rbac,
|
387
|
+
ValidationErrors* errors) {
|
448
388
|
Json::Object rbac_json;
|
449
|
-
std::vector<std::string> errors;
|
450
389
|
const auto* rules = envoy_extensions_filters_http_rbac_v3_RBAC_rules(rbac);
|
451
390
|
if (rules != nullptr) {
|
391
|
+
ValidationErrors::ScopedField field(errors, ".rules");
|
452
392
|
int action = envoy_config_rbac_v3_RBAC_action(rules);
|
453
393
|
// Treat Log action as RBAC being absent
|
454
394
|
if (action == envoy_config_rbac_v3_RBAC_LOG) {
|
@@ -464,77 +404,82 @@ absl::StatusOr<Json> ParseHttpRbacToJson(
|
|
464
404
|
if (entry == nullptr) {
|
465
405
|
break;
|
466
406
|
}
|
467
|
-
|
468
|
-
|
469
|
-
|
470
|
-
|
471
|
-
|
472
|
-
|
473
|
-
|
474
|
-
" error:", policy.status().message()));
|
475
|
-
} else {
|
476
|
-
policies_object.emplace(
|
477
|
-
UpbStringToStdString(
|
478
|
-
envoy_config_rbac_v3_RBAC_PoliciesEntry_key(entry)),
|
479
|
-
std::move(*policy));
|
480
|
-
}
|
407
|
+
absl::string_view key =
|
408
|
+
UpbStringToAbsl(envoy_config_rbac_v3_RBAC_PoliciesEntry_key(entry));
|
409
|
+
ValidationErrors::ScopedField field(
|
410
|
+
errors, absl::StrCat(".policies[", key, "]"));
|
411
|
+
Json policy = ParsePolicyToJson(
|
412
|
+
envoy_config_rbac_v3_RBAC_PoliciesEntry_value(entry), errors);
|
413
|
+
policies_object.emplace(std::string(key), std::move(policy));
|
481
414
|
}
|
482
415
|
inner_rbac_json.emplace("policies", std::move(policies_object));
|
483
416
|
}
|
484
417
|
rbac_json.emplace("rules", std::move(inner_rbac_json));
|
485
418
|
}
|
486
|
-
if (!errors.empty()) {
|
487
|
-
return absl::InvalidArgumentError(absl::StrCat(
|
488
|
-
"errors parsing RBAC: [", absl::StrJoin(errors, "; "), "]"));
|
489
|
-
}
|
490
419
|
return rbac_json;
|
491
420
|
}
|
492
421
|
|
493
422
|
} // namespace
|
494
423
|
|
424
|
+
absl::string_view XdsHttpRbacFilter::ConfigProtoName() const {
|
425
|
+
return "envoy.extensions.filters.http.rbac.v3.RBAC";
|
426
|
+
}
|
427
|
+
|
428
|
+
absl::string_view XdsHttpRbacFilter::OverrideConfigProtoName() const {
|
429
|
+
return "envoy.extensions.filters.http.rbac.v3.RBACPerRoute";
|
430
|
+
}
|
431
|
+
|
495
432
|
void XdsHttpRbacFilter::PopulateSymtab(upb_DefPool* symtab) const {
|
496
433
|
envoy_extensions_filters_http_rbac_v3_RBAC_getmsgdef(symtab);
|
497
434
|
}
|
498
435
|
|
499
|
-
absl::
|
500
|
-
XdsHttpRbacFilter::GenerateFilterConfig(
|
501
|
-
upb_Arena* arena
|
502
|
-
|
436
|
+
absl::optional<XdsHttpFilterImpl::FilterConfig>
|
437
|
+
XdsHttpRbacFilter::GenerateFilterConfig(XdsExtension extension,
|
438
|
+
upb_Arena* arena,
|
439
|
+
ValidationErrors* errors) const {
|
440
|
+
absl::string_view* serialized_filter_config =
|
441
|
+
absl::get_if<absl::string_view>(&extension.value);
|
442
|
+
if (serialized_filter_config == nullptr) {
|
443
|
+
errors->AddError("could not parse HTTP RBAC filter config");
|
444
|
+
return absl::nullopt;
|
445
|
+
}
|
503
446
|
auto* rbac = envoy_extensions_filters_http_rbac_v3_RBAC_parse(
|
504
|
-
serialized_filter_config
|
447
|
+
serialized_filter_config->data(), serialized_filter_config->size(),
|
448
|
+
arena);
|
505
449
|
if (rbac == nullptr) {
|
506
|
-
|
507
|
-
|
508
|
-
}
|
509
|
-
rbac_json = ParseHttpRbacToJson(rbac);
|
510
|
-
if (!rbac_json.ok()) {
|
511
|
-
return rbac_json.status();
|
450
|
+
errors->AddError("could not parse HTTP RBAC filter config");
|
451
|
+
return absl::nullopt;
|
512
452
|
}
|
513
|
-
return FilterConfig{
|
453
|
+
return FilterConfig{ConfigProtoName(), ParseHttpRbacToJson(rbac, errors)};
|
514
454
|
}
|
515
455
|
|
516
|
-
absl::
|
456
|
+
absl::optional<XdsHttpFilterImpl::FilterConfig>
|
517
457
|
XdsHttpRbacFilter::GenerateFilterConfigOverride(
|
518
|
-
|
458
|
+
XdsExtension extension, upb_Arena* arena, ValidationErrors* errors) const {
|
459
|
+
absl::string_view* serialized_filter_config =
|
460
|
+
absl::get_if<absl::string_view>(&extension.value);
|
461
|
+
if (serialized_filter_config == nullptr) {
|
462
|
+
errors->AddError("could not parse RBACPerRoute");
|
463
|
+
return absl::nullopt;
|
464
|
+
}
|
519
465
|
auto* rbac_per_route =
|
520
466
|
envoy_extensions_filters_http_rbac_v3_RBACPerRoute_parse(
|
521
|
-
serialized_filter_config
|
467
|
+
serialized_filter_config->data(), serialized_filter_config->size(),
|
468
|
+
arena);
|
522
469
|
if (rbac_per_route == nullptr) {
|
523
|
-
|
470
|
+
errors->AddError("could not parse RBACPerRoute");
|
471
|
+
return absl::nullopt;
|
524
472
|
}
|
525
|
-
|
473
|
+
Json rbac_json;
|
526
474
|
const auto* rbac =
|
527
475
|
envoy_extensions_filters_http_rbac_v3_RBACPerRoute_rbac(rbac_per_route);
|
528
476
|
if (rbac == nullptr) {
|
529
477
|
rbac_json = Json::Object();
|
530
478
|
} else {
|
531
|
-
|
532
|
-
|
533
|
-
return rbac_json.status();
|
534
|
-
}
|
479
|
+
ValidationErrors::ScopedField field(errors, ".rbac");
|
480
|
+
rbac_json = ParseHttpRbacToJson(rbac, errors);
|
535
481
|
}
|
536
|
-
return FilterConfig{
|
537
|
-
std::move(*rbac_json)};
|
482
|
+
return FilterConfig{OverrideConfigProtoName(), std::move(rbac_json)};
|
538
483
|
}
|
539
484
|
|
540
485
|
const grpc_channel_filter* XdsHttpRbacFilter::channel_filter() const {
|
@@ -20,39 +20,36 @@
|
|
20
20
|
#include <grpc/support/port_platform.h>
|
21
21
|
|
22
22
|
#include "absl/status/statusor.h"
|
23
|
+
#include "absl/strings/string_view.h"
|
24
|
+
#include "absl/types/optional.h"
|
23
25
|
#include "upb/arena.h"
|
24
26
|
#include "upb/def.h"
|
25
|
-
#include "upb/upb.h"
|
26
27
|
|
28
|
+
#include "src/core/ext/xds/xds_common_types.h"
|
27
29
|
#include "src/core/ext/xds/xds_http_filters.h"
|
28
30
|
#include "src/core/lib/channel/channel_args.h"
|
29
31
|
#include "src/core/lib/channel/channel_fwd.h"
|
32
|
+
#include "src/core/lib/gprpp/validation_errors.h"
|
30
33
|
|
31
34
|
namespace grpc_core {
|
32
35
|
|
33
|
-
extern const char* kXdsHttpRbacFilterConfigName;
|
34
|
-
extern const char* kXdsHttpRbacFilterConfigOverrideName;
|
35
|
-
|
36
36
|
class XdsHttpRbacFilter : public XdsHttpFilterImpl {
|
37
37
|
public:
|
38
|
+
absl::string_view ConfigProtoName() const override;
|
39
|
+
absl::string_view OverrideConfigProtoName() const override;
|
38
40
|
void PopulateSymtab(upb_DefPool* symtab) const override;
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
41
|
+
absl::optional<FilterConfig> GenerateFilterConfig(
|
42
|
+
XdsExtension extension, upb_Arena* arena,
|
43
|
+
ValidationErrors* errors) const override;
|
44
|
+
absl::optional<FilterConfig> GenerateFilterConfigOverride(
|
45
|
+
XdsExtension extension, upb_Arena* arena,
|
46
|
+
ValidationErrors* errors) const override;
|
46
47
|
const grpc_channel_filter* channel_filter() const override;
|
47
|
-
|
48
48
|
ChannelArgs ModifyChannelArgs(const ChannelArgs& args) const override;
|
49
|
-
|
50
49
|
absl::StatusOr<ServiceConfigJsonEntry> GenerateServiceConfig(
|
51
50
|
const FilterConfig& hcm_filter_config,
|
52
51
|
const FilterConfig* filter_config_override) const override;
|
53
|
-
|
54
52
|
bool IsSupportedOnClients() const override { return false; }
|
55
|
-
|
56
53
|
bool IsSupportedOnServers() const override { return true; }
|
57
54
|
};
|
58
55
|
|
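Review bot: The declarations of `GenerateFilterConfig` and `GenerateFilterConfigOverride` now signal failure in two ways, an empty `absl::optional` and the `ValidationErrors*` out-parameter, and nothing at the declaration says how the two relate. In the implementation shown on this page, `absl::nullopt` is returned only when the extension value is not a serialized string or the top-level proto fails to parse. Rule-level problems such as `invalid rule` or `condition not supported` are recorded in `errors`, and a `FilterConfig` holding the partially built JSON is still returned. Because this JSON becomes an authorization policy, I would add a comment above both declarations, e.g. `// A returned config is valid only if no error was added to *errors; callers must check errors before using it.` The base class `XdsHttpFilterImpl` may already document this contract (it is not visible here), in which case a short reference to it is enough.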