grpc 1.55.0 → 1.56.0


Potentially problematic release.


This version of grpc might be problematic.

Files changed (374)
  1. checksums.yaml +4 -4
  2. data/Makefile +100 -68
  3. data/include/grpc/event_engine/event_engine.h +4 -3
  4. data/include/grpc/grpc_audit_logging.h +96 -0
  5. data/include/grpc/module.modulemap +2 -0
  6. data/include/grpc/support/json.h +218 -0
  7. data/src/core/ext/filters/backend_metrics/backend_metric_filter.cc +5 -0
  8. data/src/core/ext/filters/client_channel/backend_metric.cc +2 -0
  9. data/src/core/ext/filters/client_channel/channel_connectivity.cc +4 -4
  10. data/src/core/ext/filters/client_channel/client_channel.cc +86 -104
  11. data/src/core/ext/filters/client_channel/client_channel.h +6 -0
  12. data/src/core/ext/filters/client_channel/client_channel_channelz.cc +19 -18
  13. data/src/core/ext/filters/client_channel/client_channel_internal.h +16 -21
  14. data/src/core/ext/filters/client_channel/config_selector.h +9 -24
  15. data/src/core/ext/filters/client_channel/lb_policy/backend_metric_data.h +3 -0
  16. data/src/core/ext/filters/client_channel/lb_policy/grpclb/grpclb.cc +5 -4
  17. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.cc +455 -0
  18. data/src/core/ext/filters/client_channel/lb_policy/health_check_client.h +54 -0
  19. data/src/core/ext/filters/client_channel/lb_policy/health_check_client_internal.h +186 -0
  20. data/src/core/ext/filters/client_channel/lb_policy/oob_backend_metric.cc +2 -7
  21. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.cc +52 -20
  22. data/src/core/ext/filters/client_channel/lb_policy/outlier_detection/outlier_detection.h +23 -2
  23. data/src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc +19 -6
  24. data/src/core/ext/filters/client_channel/lb_policy/priority/priority.cc +1 -9
  25. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.cc +16 -7
  26. data/src/core/ext/filters/client_channel/lb_policy/ring_hash/ring_hash.h +18 -1
  27. data/src/core/ext/filters/client_channel/lb_policy/rls/rls.cc +12 -9
  28. data/src/core/ext/filters/client_channel/lb_policy/round_robin/round_robin.cc +6 -4
  29. data/src/core/ext/filters/client_channel/lb_policy/subchannel_list.h +36 -13
  30. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/static_stride_scheduler.cc +76 -6
  31. data/src/core/ext/filters/client_channel/lb_policy/weighted_round_robin/weighted_round_robin.cc +32 -39
  32. data/src/core/ext/filters/client_channel/lb_policy/weighted_target/weighted_target.cc +4 -10
  33. data/src/core/ext/filters/client_channel/lb_policy/xds/cds.cc +52 -47
  34. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_impl.cc +1 -9
  35. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_manager.cc +14 -16
  36. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_cluster_resolver.cc +40 -43
  37. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_override_host.cc +7 -12
  38. data/src/core/ext/filters/client_channel/lb_policy/xds/xds_wrr_locality.cc +12 -19
  39. data/src/core/ext/filters/client_channel/resolver/dns/c_ares/grpc_ares_wrapper.cc +35 -33
  40. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/event_engine_client_channel_resolver.cc +29 -4
  41. data/src/core/ext/filters/client_channel/resolver/dns/event_engine/service_config_helper.cc +1 -1
  42. data/src/core/ext/filters/client_channel/resolver/google_c2p/google_c2p_resolver.cc +28 -27
  43. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.cc +163 -46
  44. data/src/core/ext/filters/client_channel/resolver/xds/xds_resolver.h +16 -1
  45. data/src/core/ext/filters/client_channel/retry_service_config.cc +1 -0
  46. data/src/core/ext/filters/client_channel/service_config_channel_arg_filter.cc +10 -40
  47. data/src/core/ext/filters/client_channel/subchannel.cc +10 -196
  48. data/src/core/ext/filters/client_channel/subchannel.h +3 -43
  49. data/src/core/ext/filters/http/message_compress/compression_filter.cc +5 -5
  50. data/src/core/ext/filters/rbac/rbac_service_config_parser.cc +100 -6
  51. data/src/core/ext/filters/server_config_selector/server_config_selector_filter.cc +6 -8
  52. data/src/core/ext/filters/stateful_session/stateful_session_filter.cc +3 -3
  53. data/src/core/ext/filters/stateful_session/stateful_session_filter.h +16 -1
  54. data/src/core/ext/transport/chttp2/transport/flow_control.cc +46 -95
  55. data/src/core/ext/transport/chttp2/transport/internal.h +1 -15
  56. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.c +11 -2
  57. data/src/core/ext/upb-generated/xds/data/orca/v3/orca_load_report.upb.h +15 -0
  58. data/src/core/ext/xds/certificate_provider_store.cc +4 -9
  59. data/src/core/ext/xds/certificate_provider_store.h +1 -1
  60. data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc +30 -42
  61. data/src/core/ext/xds/file_watcher_certificate_provider_factory.h +14 -9
  62. data/src/core/ext/xds/xds_api.cc +9 -6
  63. data/src/core/ext/xds/xds_api.h +3 -2
  64. data/src/core/ext/xds/xds_audit_logger_registry.cc +122 -0
  65. data/src/core/ext/xds/xds_audit_logger_registry.h +68 -0
  66. data/src/core/ext/xds/xds_bootstrap_grpc.cc +21 -9
  67. data/src/core/ext/xds/xds_bootstrap_grpc.h +5 -0
  68. data/src/core/ext/xds/xds_client.cc +5 -4
  69. data/src/core/ext/xds/xds_client_stats.h +1 -1
  70. data/src/core/ext/xds/xds_cluster.cc +20 -19
  71. data/src/core/ext/xds/xds_cluster_specifier_plugin.cc +11 -8
  72. data/src/core/ext/xds/xds_common_types.cc +3 -1
  73. data/src/core/ext/xds/xds_http_fault_filter.cc +16 -13
  74. data/src/core/ext/xds/xds_http_fault_filter.h +2 -1
  75. data/src/core/ext/xds/xds_http_filters.h +4 -2
  76. data/src/core/ext/xds/xds_http_rbac_filter.cc +154 -67
  77. data/src/core/ext/xds/xds_http_rbac_filter.h +2 -1
  78. data/src/core/ext/xds/xds_http_stateful_session_filter.cc +15 -11
  79. data/src/core/ext/xds/xds_http_stateful_session_filter.h +2 -1
  80. data/src/core/ext/xds/xds_lb_policy_registry.cc +22 -16
  81. data/src/core/ext/xds/xds_listener.cc +1 -0
  82. data/src/core/ext/xds/xds_route_config.cc +40 -3
  83. data/src/core/ext/xds/xds_routing.cc +2 -2
  84. data/src/core/ext/xds/xds_transport_grpc.cc +3 -1
  85. data/src/core/lib/avl/avl.h +5 -0
  86. data/src/core/lib/channel/channel_args.cc +80 -22
  87. data/src/core/lib/channel/channel_args.h +34 -1
  88. data/src/core/lib/channel/channel_trace.cc +16 -12
  89. data/src/core/lib/channel/channelz.cc +159 -132
  90. data/src/core/lib/channel/channelz.h +42 -35
  91. data/src/core/lib/channel/channelz_registry.cc +23 -20
  92. data/src/core/lib/channel/connected_channel.cc +17 -6
  93. data/src/core/lib/channel/promise_based_filter.cc +0 -4
  94. data/src/core/lib/channel/promise_based_filter.h +2 -0
  95. data/src/core/lib/compression/compression_internal.cc +2 -5
  96. data/src/core/lib/config/config_vars.cc +20 -18
  97. data/src/core/lib/config/config_vars.h +4 -4
  98. data/src/core/lib/config/load_config.cc +13 -0
  99. data/src/core/lib/config/load_config.h +6 -0
  100. data/src/core/lib/debug/event_log.h +1 -1
  101. data/src/core/lib/debug/stats_data.h +1 -1
  102. data/src/core/lib/debug/trace.cc +24 -55
  103. data/src/core/lib/debug/trace.h +3 -1
  104. data/src/core/lib/event_engine/cf_engine/cf_engine.cc +211 -0
  105. data/src/core/lib/event_engine/cf_engine/cf_engine.h +86 -0
  106. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.cc +354 -0
  107. data/src/core/lib/event_engine/cf_engine/cfstream_endpoint.h +146 -0
  108. data/src/core/lib/event_engine/cf_engine/cftype_unique_ref.h +79 -0
  109. data/src/core/lib/event_engine/default_event_engine.cc +13 -1
  110. data/src/core/lib/event_engine/default_event_engine_factory.cc +14 -2
  111. data/src/core/lib/event_engine/poller.h +2 -2
  112. data/src/core/lib/event_engine/posix.h +4 -0
  113. data/src/core/lib/event_engine/posix_engine/ev_epoll1_linux.cc +1 -1
  114. data/src/core/lib/event_engine/posix_engine/lockfree_event.cc +7 -18
  115. data/src/core/lib/event_engine/posix_engine/posix_endpoint.h +9 -0
  116. data/src/core/lib/event_engine/posix_engine/posix_engine.cc +33 -19
  117. data/src/core/lib/event_engine/posix_engine/posix_engine.h +1 -1
  118. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.cc +4 -4
  119. data/src/core/lib/event_engine/posix_engine/posix_engine_listener.h +7 -8
  120. data/src/core/lib/event_engine/posix_engine/timer_manager.h +1 -1
  121. data/src/core/lib/event_engine/shim.cc +7 -1
  122. data/src/core/lib/event_engine/{thread_pool.cc → thread_pool/original_thread_pool.cc} +28 -25
  123. data/src/core/lib/event_engine/{thread_pool.h → thread_pool/original_thread_pool.h} +11 -15
  124. data/src/core/lib/event_engine/thread_pool/thread_pool.h +50 -0
  125. data/src/core/lib/event_engine/{executor/executor.h → thread_pool/thread_pool_factory.cc} +17 -15
  126. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.cc +489 -0
  127. data/src/core/lib/event_engine/thread_pool/work_stealing_thread_pool.h +249 -0
  128. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.cc +166 -0
  129. data/src/core/lib/event_engine/thready_event_engine/thready_event_engine.h +108 -0
  130. data/src/core/lib/event_engine/windows/iocp.cc +4 -3
  131. data/src/core/lib/event_engine/windows/iocp.h +3 -3
  132. data/src/core/lib/event_engine/windows/win_socket.cc +6 -6
  133. data/src/core/lib/event_engine/windows/win_socket.h +4 -4
  134. data/src/core/lib/event_engine/windows/windows_endpoint.cc +11 -10
  135. data/src/core/lib/event_engine/windows/windows_endpoint.h +3 -2
  136. data/src/core/lib/event_engine/windows/windows_engine.cc +19 -17
  137. data/src/core/lib/event_engine/windows/windows_engine.h +6 -6
  138. data/src/core/lib/event_engine/windows/windows_listener.cc +3 -3
  139. data/src/core/lib/event_engine/windows/windows_listener.h +3 -2
  140. data/src/core/lib/event_engine/work_queue/basic_work_queue.cc +63 -0
  141. data/src/core/lib/event_engine/work_queue/basic_work_queue.h +71 -0
  142. data/src/core/lib/event_engine/work_queue/work_queue.h +62 -0
  143. data/src/core/lib/experiments/config.cc +38 -7
  144. data/src/core/lib/experiments/config.h +16 -0
  145. data/src/core/lib/experiments/experiments.cc +67 -20
  146. data/src/core/lib/experiments/experiments.h +27 -21
  147. data/src/core/lib/gpr/log_internal.h +55 -0
  148. data/src/core/lib/gprpp/crash.cc +10 -0
  149. data/src/core/lib/gprpp/crash.h +3 -0
  150. data/src/core/lib/gprpp/per_cpu.cc +33 -0
  151. data/src/core/lib/gprpp/per_cpu.h +29 -6
  152. data/src/core/lib/gprpp/time.cc +1 -0
  153. data/src/core/lib/iomgr/cfstream_handle.cc +1 -1
  154. data/src/core/lib/iomgr/endpoint_cfstream.cc +10 -8
  155. data/src/core/lib/iomgr/ev_apple.cc +12 -12
  156. data/src/core/lib/iomgr/ev_epoll1_linux.cc +10 -3
  157. data/src/core/lib/iomgr/event_engine_shims/endpoint.cc +15 -1
  158. data/src/core/lib/iomgr/iocp_windows.cc +24 -3
  159. data/src/core/lib/iomgr/iocp_windows.h +11 -0
  160. data/src/core/lib/iomgr/iomgr_posix_cfstream.cc +1 -1
  161. data/src/core/lib/iomgr/socket_utils_common_posix.cc +4 -2
  162. data/src/core/lib/iomgr/socket_windows.cc +61 -7
  163. data/src/core/lib/iomgr/socket_windows.h +9 -2
  164. data/src/core/lib/iomgr/tcp_client_cfstream.cc +14 -3
  165. data/src/core/lib/iomgr/tcp_server_posix.cc +148 -107
  166. data/src/core/lib/iomgr/tcp_server_utils_posix.h +1 -1
  167. data/src/core/lib/iomgr/tcp_server_windows.cc +1 -1
  168. data/src/core/lib/json/json.h +2 -166
  169. data/src/core/lib/json/json_object_loader.cc +8 -9
  170. data/src/core/lib/json/json_object_loader.h +25 -18
  171. data/src/core/lib/json/json_reader.cc +13 -6
  172. data/src/core/lib/json/json_util.cc +6 -11
  173. data/src/core/lib/json/json_writer.cc +7 -8
  174. data/src/core/lib/load_balancing/lb_policy.h +13 -0
  175. data/src/core/lib/load_balancing/lb_policy_registry.cc +2 -1
  176. data/src/core/lib/matchers/matchers.cc +3 -4
  177. data/src/core/lib/matchers/matchers.h +2 -1
  178. data/src/core/lib/promise/activity.cc +5 -0
  179. data/src/core/lib/promise/activity.h +10 -0
  180. data/src/core/lib/promise/detail/promise_factory.h +1 -1
  181. data/src/core/lib/promise/party.cc +31 -13
  182. data/src/core/lib/promise/party.h +11 -2
  183. data/src/core/lib/promise/pipe.h +9 -2
  184. data/src/core/lib/promise/prioritized_race.h +95 -0
  185. data/src/core/lib/promise/sleep.cc +2 -1
  186. data/src/core/lib/resolver/server_address.cc +0 -8
  187. data/src/core/lib/resolver/server_address.h +0 -6
  188. data/src/core/lib/resource_quota/memory_quota.cc +7 -7
  189. data/src/core/lib/resource_quota/memory_quota.h +1 -2
  190. data/src/core/lib/security/authorization/audit_logging.cc +98 -0
  191. data/src/core/lib/security/authorization/audit_logging.h +73 -0
  192. data/src/core/lib/security/authorization/grpc_authorization_engine.cc +47 -2
  193. data/src/core/lib/security/authorization/grpc_authorization_engine.h +18 -1
  194. data/src/core/lib/security/authorization/rbac_policy.cc +36 -4
  195. data/src/core/lib/security/authorization/rbac_policy.h +19 -2
  196. data/src/core/lib/security/authorization/stdout_logger.cc +75 -0
  197. data/src/core/lib/security/authorization/stdout_logger.h +61 -0
  198. data/src/core/lib/security/certificate_provider/certificate_provider_factory.h +8 -4
  199. data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc +8 -18
  200. data/src/core/lib/security/certificate_provider/certificate_provider_registry.h +14 -8
  201. data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc +19 -12
  202. data/src/core/lib/security/credentials/external/external_account_credentials.cc +4 -2
  203. data/src/core/lib/security/credentials/external/file_external_account_credentials.cc +1 -0
  204. data/src/core/lib/security/credentials/external/url_external_account_credentials.cc +1 -0
  205. data/src/core/lib/security/credentials/google_default/google_default_credentials.cc +1 -0
  206. data/src/core/lib/security/credentials/jwt/json_token.cc +15 -14
  207. data/src/core/lib/security/credentials/jwt/jwt_credentials.cc +4 -2
  208. data/src/core/lib/security/credentials/jwt/jwt_verifier.cc +1 -0
  209. data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc +1 -0
  210. data/src/core/lib/security/security_connector/alts/alts_security_connector.cc +1 -5
  211. data/src/core/lib/security/util/json_util.cc +1 -0
  212. data/src/core/lib/service_config/service_config_call_data.h +49 -20
  213. data/src/core/lib/service_config/service_config_impl.cc +2 -1
  214. data/src/core/lib/surface/call.cc +38 -23
  215. data/src/core/lib/surface/completion_queue.cc +6 -2
  216. data/src/core/lib/surface/version.cc +2 -2
  217. data/src/core/lib/transport/batch_builder.cc +15 -12
  218. data/src/core/lib/transport/batch_builder.h +39 -35
  219. data/src/core/plugin_registry/grpc_plugin_registry.cc +0 -2
  220. data/src/core/plugin_registry/grpc_plugin_registry_extra.cc +2 -0
  221. data/src/ruby/ext/grpc/extconf.rb +8 -9
  222. data/src/ruby/lib/grpc/version.rb +1 -1
  223. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_mbstr.c +9 -8
  224. data/third_party/boringssl-with-bazel/src/crypto/asn1/a_strnid.c +1 -1
  225. data/third_party/boringssl-with-bazel/src/crypto/asn1/internal.h +3 -3
  226. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_dec.c +10 -6
  227. data/third_party/boringssl-with-bazel/src/crypto/asn1/tasn_enc.c +7 -4
  228. data/third_party/boringssl-with-bazel/src/crypto/bio/bio.c +6 -4
  229. data/third_party/boringssl-with-bazel/src/crypto/bio/fd.c +2 -1
  230. data/third_party/boringssl-with-bazel/src/crypto/bio/file.c +5 -9
  231. data/third_party/boringssl-with-bazel/src/crypto/bio/pair.c +4 -2
  232. data/third_party/boringssl-with-bazel/src/crypto/blake2/blake2.c +31 -22
  233. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/e_tls.c +29 -26
  234. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/internal.h +8 -0
  235. data/third_party/boringssl-with-bazel/src/crypto/cipher_extra/tls_cbc.c +189 -13
  236. data/third_party/boringssl-with-bazel/src/crypto/cpu_aarch64_openbsd.c +62 -0
  237. data/third_party/boringssl-with-bazel/src/crypto/cpu_arm_openbsd.c +31 -0
  238. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519.c +6 -4
  239. data/third_party/boringssl-with-bazel/src/crypto/curve25519/curve25519_tables.h +795 -795
  240. data/third_party/boringssl-with-bazel/src/crypto/curve25519/internal.h +1 -5
  241. data/third_party/boringssl-with-bazel/src/crypto/dsa/dsa.c +4 -0
  242. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/hash_to_curve.c +18 -6
  243. data/third_party/boringssl-with-bazel/src/crypto/ec_extra/internal.h +15 -7
  244. data/third_party/boringssl-with-bazel/src/crypto/ecdh_extra/ecdh_extra.c +1 -1
  245. data/third_party/boringssl-with-bazel/src/crypto/evp/p_rsa.c +1 -1
  246. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/bcm.c +1 -0
  247. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/dh/dh.c +3 -0
  248. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec.c +24 -24
  249. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_key.c +1 -1
  250. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/ec_montgomery.c +7 -7
  251. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/internal.h +74 -74
  252. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/oct.c +1 -2
  253. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p224-64.c +11 -11
  254. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256-nistz.c +12 -12
  255. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256.c +14 -15
  256. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/p256_table.h +1 -1
  257. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple.c +10 -10
  258. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/simple_mul.c +23 -23
  259. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ec/wnaf.c +13 -13
  260. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdh/ecdh.c +1 -1
  261. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/ecdsa/ecdsa.c +2 -2
  262. data/third_party/boringssl-with-bazel/src/crypto/{hkdf → fipsmodule/hkdf}/hkdf.c +1 -1
  263. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/cbc.c +2 -10
  264. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ctr.c +1 -4
  265. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm.c +115 -133
  266. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/gcm_nohw.c +12 -14
  267. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/internal.h +57 -47
  268. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/ofb.c +1 -8
  269. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/modes/polyval.c +27 -28
  270. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rand/urandom.c +11 -23
  271. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/internal.h +21 -16
  272. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/padding.c +5 -288
  273. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa.c +143 -83
  274. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/rsa/rsa_impl.c +95 -183
  275. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/self_check/self_check.c +71 -0
  276. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/internal.h +8 -0
  277. data/third_party/boringssl-with-bazel/src/crypto/fipsmodule/tls/kdf.c +33 -0
  278. data/third_party/boringssl-with-bazel/src/crypto/hpke/hpke.c +162 -6
  279. data/third_party/boringssl-with-bazel/src/crypto/internal.h +18 -0
  280. data/third_party/boringssl-with-bazel/src/crypto/kyber/kyber.c +18 -11
  281. data/third_party/boringssl-with-bazel/src/crypto/obj/obj_dat.h +6 -13
  282. data/third_party/boringssl-with-bazel/src/crypto/pem/pem_lib.c +18 -14
  283. data/third_party/boringssl-with-bazel/src/crypto/{refcount_lock.c → refcount_no_threads.c} +3 -13
  284. data/third_party/boringssl-with-bazel/src/crypto/refcount_win.c +89 -0
  285. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/internal.h +77 -0
  286. data/third_party/boringssl-with-bazel/src/crypto/rsa_extra/rsa_crypt.c +568 -0
  287. data/third_party/boringssl-with-bazel/src/crypto/trust_token/internal.h +62 -0
  288. data/third_party/boringssl-with-bazel/src/crypto/trust_token/pmbtoken.c +218 -44
  289. data/third_party/boringssl-with-bazel/src/crypto/trust_token/trust_token.c +35 -0
  290. data/third_party/boringssl-with-bazel/src/crypto/trust_token/voprf.c +588 -39
  291. data/third_party/boringssl-with-bazel/src/crypto/x509/a_sign.c +27 -18
  292. data/third_party/boringssl-with-bazel/src/crypto/x509/asn1_gen.c +1 -1
  293. data/third_party/boringssl-with-bazel/src/crypto/x509/name_print.c +17 -39
  294. data/third_party/boringssl-with-bazel/src/crypto/x509/t_x509.c +39 -48
  295. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_att.c +0 -140
  296. data/third_party/boringssl-with-bazel/src/crypto/x509/x509_req.c +72 -23
  297. data/third_party/boringssl-with-bazel/src/crypto/x509/x509name.c +11 -14
  298. data/third_party/boringssl-with-bazel/src/crypto/x509/x509spki.c +1 -1
  299. data/third_party/boringssl-with-bazel/src/crypto/x509/x_x509a.c +2 -2
  300. data/third_party/boringssl-with-bazel/src/crypto/x509v3/internal.h +1 -1
  301. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_conf.c +33 -46
  302. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_cpols.c +1 -0
  303. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_info.c +3 -5
  304. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_lib.c +14 -46
  305. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_prn.c +14 -26
  306. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_skey.c +17 -10
  307. data/third_party/boringssl-with-bazel/src/crypto/x509v3/v3_utl.c +1 -1
  308. data/third_party/boringssl-with-bazel/src/include/openssl/aead.h +5 -7
  309. data/third_party/boringssl-with-bazel/src/include/openssl/asn1.h +6 -4
  310. data/third_party/boringssl-with-bazel/src/include/openssl/base.h +32 -1
  311. data/third_party/boringssl-with-bazel/src/include/openssl/bio.h +0 -4
  312. data/third_party/boringssl-with-bazel/src/include/openssl/blake2.h +1 -4
  313. data/third_party/boringssl-with-bazel/src/include/openssl/evp.h +3 -3
  314. data/third_party/boringssl-with-bazel/src/include/openssl/hpke.h +28 -0
  315. data/third_party/boringssl-with-bazel/src/include/openssl/nid.h +2 -11
  316. data/third_party/boringssl-with-bazel/src/include/openssl/pem.h +0 -3
  317. data/third_party/boringssl-with-bazel/src/include/openssl/rsa.h +91 -1
  318. data/third_party/boringssl-with-bazel/src/include/openssl/span.h +5 -0
  319. data/third_party/boringssl-with-bazel/src/include/openssl/ssl.h +149 -20
  320. data/third_party/boringssl-with-bazel/src/include/openssl/thread.h +4 -0
  321. data/third_party/boringssl-with-bazel/src/include/openssl/tls1.h +4 -0
  322. data/third_party/boringssl-with-bazel/src/include/openssl/trust_token.h +8 -0
  323. data/third_party/boringssl-with-bazel/src/include/openssl/x509.h +774 -615
  324. data/third_party/boringssl-with-bazel/src/include/openssl/x509v3.h +42 -10
  325. data/third_party/boringssl-with-bazel/src/ssl/encrypted_client_hello.cc +11 -6
  326. data/third_party/boringssl-with-bazel/src/ssl/extensions.cc +2 -4
  327. data/third_party/boringssl-with-bazel/src/ssl/handshake_client.cc +24 -16
  328. data/third_party/boringssl-with-bazel/src/ssl/internal.h +65 -18
  329. data/third_party/boringssl-with-bazel/src/ssl/s3_both.cc +37 -18
  330. data/third_party/boringssl-with-bazel/src/ssl/ssl_cipher.cc +187 -193
  331. data/third_party/boringssl-with-bazel/src/ssl/ssl_key_share.cc +13 -129
  332. data/third_party/boringssl-with-bazel/src/ssl/ssl_lib.cc +85 -10
  333. data/third_party/boringssl-with-bazel/src/ssl/ssl_privkey.cc +17 -4
  334. data/third_party/boringssl-with-bazel/src/ssl/ssl_versions.cc +27 -19
  335. data/third_party/boringssl-with-bazel/src/ssl/tls13_client.cc +1 -1
  336. data/third_party/boringssl-with-bazel/src/ssl/tls13_enc.cc +5 -21
  337. data/third_party/boringssl-with-bazel/src/ssl/tls13_server.cc +5 -2
  338. data/third_party/boringssl-with-bazel/src/third_party/fiat/curve25519_64_msvc.h +1281 -0
  339. data/third_party/boringssl-with-bazel/src/third_party/fiat/p256_64_msvc.h +2002 -0
  340. data/third_party/cares/cares/include/ares.h +23 -1
  341. data/third_party/cares/cares/{src/lib → include}/ares_nameser.h +9 -7
  342. data/third_party/cares/cares/include/ares_rules.h +2 -2
  343. data/third_party/cares/cares/include/ares_version.h +3 -3
  344. data/third_party/cares/cares/src/lib/ares__addrinfo2hostent.c +266 -0
  345. data/third_party/cares/cares/src/lib/ares__addrinfo_localhost.c +240 -0
  346. data/third_party/cares/cares/src/lib/ares__parse_into_addrinfo.c +49 -80
  347. data/third_party/cares/cares/src/lib/ares__readaddrinfo.c +37 -43
  348. data/third_party/cares/cares/src/lib/ares__sortaddrinfo.c +12 -4
  349. data/third_party/cares/cares/src/lib/ares_data.c +16 -0
  350. data/third_party/cares/cares/src/lib/ares_data.h +7 -0
  351. data/third_party/cares/cares/src/lib/ares_destroy.c +8 -0
  352. data/third_party/cares/cares/src/lib/ares_expand_name.c +17 -6
  353. data/third_party/cares/cares/src/lib/ares_freeaddrinfo.c +1 -0
  354. data/third_party/cares/cares/src/lib/ares_getaddrinfo.c +156 -78
  355. data/third_party/cares/cares/src/lib/ares_gethostbyname.c +130 -326
  356. data/third_party/cares/cares/src/lib/ares_init.c +97 -485
  357. data/third_party/cares/cares/src/lib/ares_library_init.c +2 -89
  358. data/third_party/cares/cares/src/lib/ares_parse_a_reply.c +23 -142
  359. data/third_party/cares/cares/src/lib/ares_parse_aaaa_reply.c +22 -142
  360. data/third_party/cares/cares/src/lib/ares_parse_uri_reply.c +184 -0
  361. data/third_party/cares/cares/src/lib/ares_private.h +30 -16
  362. data/third_party/cares/cares/src/lib/ares_process.c +55 -16
  363. data/third_party/cares/cares/src/lib/ares_query.c +1 -35
  364. data/third_party/cares/cares/src/lib/ares_rand.c +279 -0
  365. data/third_party/cares/cares/src/lib/ares_send.c +5 -7
  366. data/third_party/cares/cares/src/lib/ares_strdup.c +12 -19
  367. data/third_party/cares/cares/src/lib/ares_strsplit.c +44 -128
  368. data/third_party/cares/cares/src/lib/ares_strsplit.h +9 -10
  369. data/third_party/cares/cares/src/lib/inet_net_pton.c +78 -116
  370. data/third_party/cares/cares/src/tools/ares_getopt.h +53 -0
  371. metadata +48 -12
  372. data/src/core/ext/filters/client_channel/health/health_check_client.cc +0 -175
  373. data/src/core/ext/filters/client_channel/health/health_check_client.h +0 -43
  374. data/third_party/cares/cares/src/lib/ares_library_init.h +0 -43
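--- a/data/src/core/lib/promise/party.h
+++ b/data/src/core/lib/promise/party.h
@@ -27,8 +27,10 @@
  #include "absl/base/thread_annotations.h"
  #include "absl/strings/string_view.h"
 
+ #include <grpc/event_engine/event_engine.h>
  #include <grpc/support/log.h>
 
+ #include "src/core/lib/debug/trace.h"
  #include "src/core/lib/gprpp/construct_destruct.h"
  #include "src/core/lib/gprpp/crash.h"
  #include "src/core/lib/gprpp/ref_counted.h"
@@ -37,6 +39,7 @@
  #include "src/core/lib/promise/activity.h"
  #include "src/core/lib/promise/context.h"
  #include "src/core/lib/promise/detail/promise_factory.h"
+ #include "src/core/lib/promise/trace.h"
  #include "src/core/lib/resource_quota/arena.h"
 
  // Two implementations of party synchronization are provided: one using a single
@@ -453,13 +456,15 @@ class Party : public Activity, private Wakeable {
 
  // Wakeable implementation
  void Wakeup(WakeupMask wakeup_mask) final;
+ void WakeupAsync(WakeupMask wakeup_mask) final;
  void Drop(WakeupMask wakeup_mask) final;
 
- // Organize to wake up some participants.
- void ScheduleWakeup(WakeupMask mask);
  // Add a participant (backs Spawn, after type erasure to ParticipantFactory).
  void AddParticipants(Participant** participant, size_t count);
 
+ virtual grpc_event_engine::experimental::EventEngine* event_engine()
+ const = 0;
+
  // Sentinal value for currently_polling_ when no participant is being polled.
  static constexpr uint8_t kNotPolling = 255;
 
@@ -482,6 +487,10 @@ class Party : public Activity, private Wakeable {
  template <typename Factory, typename OnComplete>
  void Party::BulkSpawner::Spawn(absl::string_view name, Factory promise_factory,
  OnComplete on_complete) {
+ if (grpc_trace_promise_primitives.enabled()) {
+ gpr_log(GPR_DEBUG, "%s[bulk_spawn] On %p queue %s",
+ party_->DebugTag().c_str(), this, std::string(name).c_str());
+ }
  participants_[num_participants_++] =
  party_->arena_->NewPooled<ParticipantImpl<Factory, OnComplete>>(
  name, std::move(promise_factory), std::move(on_complete));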
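Review bot: The new pure virtual `event_engine()` in `class Party` returns a raw `EventEngine*` with no comment on ownership or lifetime, even though every subclass now has to implement it. It is declared alongside the new `WakeupAsync` override, so the engine presumably has to outlive any wakeup deferred onto it, but the hunk does not show that. I would add a comment such as `// Returns the non-owning EventEngine used by this party; must stay valid for the party's lifetime.`, to be confirmed against the implementation. Separately, the added `gpr_log` call passes `this` to `%p` without a cast; `static_cast<void*>(this)` matches what the format specifier expects. The class body and `BulkSpawner::Spawn` both continue outside the hunks.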
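--- a/data/src/core/lib/promise/pipe.h
+++ b/data/src/core/lib/promise/pipe.h
@@ -377,8 +377,8 @@ class Center : public InterceptorList<T> {
 
  std::string DebugTag() {
  if (auto* activity = Activity::current()) {
- return absl::StrCat(activity->DebugTag(), " PIPE[0x",
- reinterpret_cast<uintptr_t>(this), "]: ");
+ return absl::StrCat(activity->DebugTag(), " PIPE[0x", absl::Hex(this),
+ "]: ");
  } else {
  return absl::StrCat("PIPE[0x", reinterpret_cast<uintptr_t>(this), "]: ");
  }
@@ -610,6 +610,13 @@ class PipeReceiver {
  return [center = center_]() { return center->PollEmpty(); };
  }
 
+ void CloseWithError() {
+ if (center_ != nullptr) {
+ center_->MarkCancelled();
+ center_.reset();
+ }
+ }
+
  // Interject PromiseFactory f into the pipeline.
  // f will be called with the current value traversing the pipe, and should
  // return a value to replace it with.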
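Review bot: The `else` branch of `Center::DebugTag()` still builds the tag with `reinterpret_cast<uintptr_t>(this)`, which `absl::StrCat` renders as a decimal number after the literal `0x`. The two branches therefore print the same object differently, and the no-activity form is misleading when correlating log lines. Apply the same change there: `return absl::StrCat("PIPE[0x", absl::Hex(this), "]: ");`. In the second hunk, `CloseWithError()` has no comment; a one-liner such as `// Marks the pipe cancelled and drops center_; a no-op if already closed.` would state the contract the code shows. Both class bodies continue outside the hunks.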
@@ -0,0 +1,95 @@
1
+ // Copyright 2023 gRPC authors.
2
+ //
3
+ // Licensed under the Apache License, Version 2.0 (the "License");
4
+ // you may not use this file except in compliance with the License.
5
+ // You may obtain a copy of the License at
6
+ //
7
+ // http://www.apache.org/licenses/LICENSE-2.0
8
+ //
9
+ // Unless required by applicable law or agreed to in writing, software
10
+ // distributed under the License is distributed on an "AS IS" BASIS,
11
+ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12
+ // See the License for the specific language governing permissions and
13
+ // limitations under the License.
14
+
15
+ #ifndef GRPC_SRC_CORE_LIB_PROMISE_PRIORITIZED_RACE_H
16
+ #define GRPC_SRC_CORE_LIB_PROMISE_PRIORITIZED_RACE_H
17
+
18
+ #include <grpc/support/port_platform.h>
19
+
20
+ #include <type_traits>
21
+ #include <utility>
22
+
23
+ namespace grpc_core {
24
+
25
+ namespace promise_detail {
26
+
27
+ template <typename A, typename B>
28
+ class TwoPartyPrioritizedRace {
29
+ public:
30
+ using Result = decltype(std::declval<A>()());
31
+
32
+ explicit TwoPartyPrioritizedRace(A a, B b)
33
+ : a_(std::move(a)), b_(std::move(b)) {}
34
+
35
+ Result operator()() {
36
+ // Check the priority promise.
37
+ auto p = a_();
38
+ if (p.ready()) return p;
39
+ // Check the other promise.
40
+ p = b_();
41
+ if (p.ready()) {
42
+ // re-poll a to see if it's also completed.
43
+ auto q = a_();
44
+ if (q.ready()) {
45
+ // both are ready, but a is prioritized
46
+ return q;
47
+ }
48
+ }
49
+ return p;
50
+ }
51
+
52
+ private:
53
+ A a_;
54
+ B b_;
55
+ };
56
+
57
+ template <typename... Promises>
58
+ class PrioritizedRace;
59
+
60
+ template <typename Promise, typename... Promises>
61
+ class PrioritizedRace<Promise, Promises...>
62
+ : public TwoPartyPrioritizedRace<Promise, PrioritizedRace<Promises...>> {
63
+ public:
64
+ using Result = decltype(std::declval<Promise>()());
65
+ explicit PrioritizedRace(Promise promise, Promises... promises)
66
+ : TwoPartyPrioritizedRace<Promise, PrioritizedRace<Promises...>>(
67
+ std::move(promise),
68
+ PrioritizedRace<Promises...>(std::move(promises)...)) {}
69
+ };
70
+
71
+ template <typename Promise>
72
+ class PrioritizedRace<Promise> {
73
+ public:
74
+ using Result = decltype(std::declval<Promise>()());
75
+ explicit PrioritizedRace(Promise promise) : promise_(std::move(promise)) {}
76
+ Result operator()() { return promise_(); }
77
+
78
+ private:
79
+ Promise promise_;
80
+ };
81
+
82
+ } // namespace promise_detail
83
+
84
+ /// Run all the promises until one is non-pending.
85
+ /// Once there's a non-pending promise, repoll all the promises before that.
86
+ /// Return the result from the lexically first non-pending promise.
87
+ template <typename... Promises>
88
+ promise_detail::PrioritizedRace<Promises...> PrioritizedRace(
89
+ Promises... promises) {
90
+ return promise_detail::PrioritizedRace<Promises...>(std::move(promises)...);
91
+ }
92
+
93
+ } // namespace grpc_core
94
+
95
+ #endif // GRPC_SRC_CORE_LIB_PROMISE_PRIORITIZED_RACE_H
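Review bot: `TwoPartyPrioritizedRace::operator()` silently drops a completed result: when `b_()` is ready and the re-poll of `a_` is also ready, `q` is returned and the value already produced by `b_` is destroyed. That matters for a lower-priority promise whose result carries something the caller must act on, such as an error status or an owned handle, and the `///` comment on `PrioritizedRace` only says which result is returned. I would add to it: `/// Results of lower-priority promises that completed in the same poll are discarded.` Separately, `p = b_();` compiles only when B's poll result is assignable to A's, which nothing here states. If identical types are the intent, a `static_assert` comparing `Result` with `decltype(std::declval<B>()())` would replace a long template error with one readable line.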
@@ -41,8 +41,9 @@ Poll<absl::Status> Sleep::operator()() {
41
41
  // Invalidate now so that we see a fresh version of the time.
42
42
  // TODO(ctiller): the following can be safely removed when we remove ExecCtx.
43
43
  ExecCtx::Get()->InvalidateNow();
44
+ const auto now = Timestamp::Now();
44
45
  // If the deadline is earlier than now we can just return.
45
- if (deadline_ <= Timestamp::Now()) return absl::OkStatus();
46
+ if (deadline_ <= now) return absl::OkStatus();
46
47
  if (closure_ == nullptr) {
47
48
  // TODO(ctiller): it's likely we'll want a pool of closures - probably per
48
49
  // cpu? - to avoid allocating/deallocating on fast paths.
@@ -57,14 +57,6 @@ ServerAddress::ServerAddress(
57
57
  std::map<const char*, std::unique_ptr<AttributeInterface>> attributes)
58
58
  : address_(address), args_(args), attributes_(std::move(attributes)) {}
59
59
 
60
- ServerAddress::ServerAddress(
61
- const void* address, size_t address_len, const ChannelArgs& args,
62
- std::map<const char*, std::unique_ptr<AttributeInterface>> attributes)
63
- : args_(args), attributes_(std::move(attributes)) {
64
- memcpy(address_.addr, address, address_len);
65
- address_.len = static_cast<socklen_t>(address_len);
66
- }
67
-
68
60
  ServerAddress::ServerAddress(const ServerAddress& other)
69
61
  : address_(other.address_), args_(other.args_) {
70
62
  for (const auto& p : other.attributes_) {
@@ -21,7 +21,6 @@
21
21
 
22
22
  #include <grpc/support/port_platform.h>
23
23
 
24
- #include <stddef.h>
25
24
  #include <stdint.h>
26
25
 
27
26
  #include <map>
@@ -65,14 +64,9 @@ class ServerAddress {
65
64
  virtual std::string ToString() const = 0;
66
65
  };
67
66
 
68
- // Takes ownership of args.
69
67
  ServerAddress(const grpc_resolved_address& address, const ChannelArgs& args,
70
68
  std::map<const char*, std::unique_ptr<AttributeInterface>>
71
69
  attributes = {});
72
- ServerAddress(const void* address, size_t address_len,
73
- const ChannelArgs& args,
74
- std::map<const char*, std::unique_ptr<AttributeInterface>>
75
- attributes = {});
76
70
 
77
71
  // Copyable.
78
72
  ServerAddress(const ServerAddress& other);
@@ -453,7 +453,7 @@ void BasicMemoryQuota::AddNewAllocator(GrpcMemoryAllocatorImpl* allocator) {
453
453
  AllocatorBucket::Shard& shard = small_allocators_.SelectShard(allocator);
454
454
 
455
455
  {
456
- absl::MutexLock l(&shard.shard_mu);
456
+ MutexLock l(&shard.shard_mu);
457
457
  shard.allocators.emplace(allocator);
458
458
  }
459
459
  }
@@ -467,7 +467,7 @@ void BasicMemoryQuota::RemoveAllocator(GrpcMemoryAllocatorImpl* allocator) {
467
467
  small_allocators_.SelectShard(allocator);
468
468
 
469
469
  {
470
- absl::MutexLock l(&small_shard.shard_mu);
470
+ MutexLock l(&small_shard.shard_mu);
471
471
  if (small_shard.allocators.erase(allocator) == 1) {
472
472
  return;
473
473
  }
@@ -476,7 +476,7 @@ void BasicMemoryQuota::RemoveAllocator(GrpcMemoryAllocatorImpl* allocator) {
476
476
  AllocatorBucket::Shard& big_shard = big_allocators_.SelectShard(allocator);
477
477
 
478
478
  {
479
- absl::MutexLock l(&big_shard.shard_mu);
479
+ MutexLock l(&big_shard.shard_mu);
480
480
  big_shard.allocators.erase(allocator);
481
481
  }
482
482
  }
@@ -513,14 +513,14 @@ void BasicMemoryQuota::MaybeMoveAllocatorBigToSmall(
513
513
  AllocatorBucket::Shard& old_shard = big_allocators_.SelectShard(allocator);
514
514
 
515
515
  {
516
- absl::MutexLock l(&old_shard.shard_mu);
516
+ MutexLock l(&old_shard.shard_mu);
517
517
  if (old_shard.allocators.erase(allocator) == 0) return;
518
518
  }
519
519
 
520
520
  AllocatorBucket::Shard& new_shard = small_allocators_.SelectShard(allocator);
521
521
 
522
522
  {
523
- absl::MutexLock l(&new_shard.shard_mu);
523
+ MutexLock l(&new_shard.shard_mu);
524
524
  new_shard.allocators.emplace(allocator);
525
525
  }
526
526
  }
@@ -534,14 +534,14 @@ void BasicMemoryQuota::MaybeMoveAllocatorSmallToBig(
534
534
  AllocatorBucket::Shard& old_shard = small_allocators_.SelectShard(allocator);
535
535
 
536
536
  {
537
- absl::MutexLock l(&old_shard.shard_mu);
537
+ MutexLock l(&old_shard.shard_mu);
538
538
  if (old_shard.allocators.erase(allocator) == 0) return;
539
539
  }
540
540
 
541
541
  AllocatorBucket::Shard& new_shard = big_allocators_.SelectShard(allocator);
542
542
 
543
543
  {
544
- absl::MutexLock l(&new_shard.shard_mu);
544
+ MutexLock l(&new_shard.shard_mu);
545
545
  new_shard.allocators.emplace(allocator);
546
546
  }
547
547
  }
@@ -30,7 +30,6 @@
30
30
  #include "absl/base/thread_annotations.h"
31
31
  #include "absl/container/flat_hash_set.h"
32
32
  #include "absl/strings/string_view.h"
33
- #include "absl/synchronization/mutex.h"
34
33
  #include "absl/types/optional.h"
35
34
 
36
35
  #include <grpc/event_engine/memory_allocator.h>
@@ -340,7 +339,7 @@ class BasicMemoryQuota final
340
339
  struct Shard {
341
340
  absl::flat_hash_set<GrpcMemoryAllocatorImpl*> allocators
342
341
  ABSL_GUARDED_BY(shard_mu);
343
- absl::Mutex shard_mu;
342
+ Mutex shard_mu;
344
343
  };
345
344
 
346
345
  Shard& SelectShard(void* key) {
@@ -0,0 +1,98 @@
1
+ //
2
+ //
3
+ // Copyright 2023 gRPC authors.
4
+ //
5
+ // Licensed under the Apache License, Version 2.0 (the "License");
6
+ // you may not use this file except in compliance with the License.
7
+ // You may obtain a copy of the License at
8
+ //
9
+ // http://www.apache.org/licenses/LICENSE-2.0
10
+ //
11
+ // Unless required by applicable law or agreed to in writing, software
12
+ // distributed under the License is distributed on an "AS IS" BASIS,
13
+ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ // See the License for the specific language governing permissions and
15
+ // limitations under the License.
16
+ //
17
+ //
18
+
19
+ #include <grpc/support/port_platform.h>
20
+
21
+ #include "src/core/lib/security/authorization/audit_logging.h"
22
+
23
+ #include <initializer_list>
24
+ #include <map>
25
+ #include <memory>
26
+ #include <utility>
27
+
28
+ #include "absl/status/status.h"
29
+ #include "absl/status/statusor.h"
30
+ #include "absl/strings/str_format.h"
31
+ #include "absl/strings/string_view.h"
32
+
33
+ #include <grpc/grpc_audit_logging.h>
34
+ #include <grpc/support/json.h>
35
+ #include <grpc/support/log.h>
36
+
37
+ #include "src/core/lib/gprpp/sync.h"
38
+ #include "src/core/lib/security/authorization/stdout_logger.h"
39
+
40
+ namespace grpc_core {
41
+ namespace experimental {
42
+
43
+ Mutex* AuditLoggerRegistry::mu = new Mutex();
44
+
45
+ AuditLoggerRegistry* AuditLoggerRegistry::registry = new AuditLoggerRegistry();
46
+
47
+ AuditLoggerRegistry::AuditLoggerRegistry() {
48
+ auto factory = std::make_unique<StdoutAuditLoggerFactory>();
49
+ absl::string_view name = factory->name();
50
+ GPR_ASSERT(logger_factories_map_.emplace(name, std::move(factory)).second);
51
+ }
52
+
53
+ void AuditLoggerRegistry::RegisterFactory(
54
+ std::unique_ptr<AuditLoggerFactory> factory) {
55
+ GPR_ASSERT(factory != nullptr);
56
+ MutexLock lock(mu);
57
+ absl::string_view name = factory->name();
58
+ GPR_ASSERT(
59
+ registry->logger_factories_map_.emplace(name, std::move(factory)).second);
60
+ }
61
+
62
+ bool AuditLoggerRegistry::FactoryExists(absl::string_view name) {
63
+ MutexLock lock(mu);
64
+ return registry->logger_factories_map_.find(name) !=
65
+ registry->logger_factories_map_.end();
66
+ }
67
+
68
+ absl::StatusOr<std::unique_ptr<AuditLoggerFactory::Config>>
69
+ AuditLoggerRegistry::ParseConfig(absl::string_view name, const Json& json) {
70
+ MutexLock lock(mu);
71
+ auto it = registry->logger_factories_map_.find(name);
72
+ if (it == registry->logger_factories_map_.end()) {
73
+ return absl::NotFoundError(
74
+ absl::StrFormat("audit logger factory for %s does not exist", name));
75
+ }
76
+ return it->second->ParseAuditLoggerConfig(json);
77
+ }
78
+
79
+ std::unique_ptr<AuditLogger> AuditLoggerRegistry::CreateAuditLogger(
80
+ std::unique_ptr<AuditLoggerFactory::Config> config) {
81
+ MutexLock lock(mu);
82
+ auto it = registry->logger_factories_map_.find(config->name());
83
+ GPR_ASSERT(it != registry->logger_factories_map_.end());
84
+ return it->second->CreateAuditLogger(std::move(config));
85
+ }
86
+
87
+ void AuditLoggerRegistry::TestOnlyResetRegistry() {
88
+ MutexLock lock(mu);
89
+ delete registry;
90
+ registry = new AuditLoggerRegistry();
91
+ }
92
+
93
+ void RegisterAuditLoggerFactory(std::unique_ptr<AuditLoggerFactory> factory) {
94
+ AuditLoggerRegistry::RegisterFactory(std::move(factory));
95
+ }
96
+
97
+ } // namespace experimental
98
+ } // namespace grpc_core
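Review bot: `AuditLoggerRegistry::CreateAuditLogger` dereferences `config` at `config->name()` with no null check, although `RegisterFactory` in the same file guards its pointer with `GPR_ASSERT(factory != nullptr)`. A null config is then undefined behaviour rather than a diagnosable abort; add `GPR_ASSERT(config != nullptr);` as the first statement. The lookup failure below it is also a hard `GPR_ASSERT`, so a config whose name has no registered factory terminates the process. That holds only if every policy-loading path calls `ParseConfig` first, and those callers are not visible here. `ParseConfig` and `CreateAuditLogger` both call into the factory while holding `mu`, so a factory that re-enters the registry would presumably deadlock; a comment saying so would help authors of third-party loggers.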
@@ -0,0 +1,73 @@
1
+ //
2
+ //
3
+ // Copyright 2023 gRPC authors.
4
+ //
5
+ // Licensed under the Apache License, Version 2.0 (the "License");
6
+ // you may not use this file except in compliance with the License.
7
+ // You may obtain a copy of the License at
8
+ //
9
+ // http://www.apache.org/licenses/LICENSE-2.0
10
+ //
11
+ // Unless required by applicable law or agreed to in writing, software
12
+ // distributed under the License is distributed on an "AS IS" BASIS,
13
+ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ // See the License for the specific language governing permissions and
15
+ // limitations under the License.
16
+ //
17
+ //
18
+
19
+ #ifndef GRPC_SRC_CORE_LIB_SECURITY_AUTHORIZATION_AUDIT_LOGGING_H
20
+ #define GRPC_SRC_CORE_LIB_SECURITY_AUTHORIZATION_AUDIT_LOGGING_H
21
+
22
+ #include <grpc/support/port_platform.h>
23
+
24
+ #include <map>
25
+ #include <memory>
26
+
27
+ #include "absl/base/thread_annotations.h"
28
+ #include "absl/status/statusor.h"
29
+ #include "absl/strings/string_view.h"
30
+
31
+ #include <grpc/grpc_audit_logging.h>
32
+ #include <grpc/support/json.h>
33
+
34
+ #include "src/core/lib/gprpp/sync.h"
35
+
36
+ namespace grpc_core {
37
+ namespace experimental {
38
+
39
+ class AuditLoggerRegistry {
40
+ public:
41
+ static void RegisterFactory(std::unique_ptr<AuditLoggerFactory>);
42
+
43
+ static bool FactoryExists(absl::string_view name);
44
+
45
+ static absl::StatusOr<std::unique_ptr<AuditLoggerFactory::Config>>
46
+ ParseConfig(absl::string_view name, const Json& json);
47
+
48
+ // This assume the given config is parsed and validated already.
49
+ // Therefore, it should always succeed in creating a logger.
50
+ static std::unique_ptr<AuditLogger> CreateAuditLogger(
51
+ std::unique_ptr<AuditLoggerFactory::Config>);
52
+
53
+ // Factories are registered during initialization. They should never be
54
+ // unregistered since they will be looked up at any time till the program
55
+ // exits. This function should only be used in tests to clear the registry.
56
+ static void TestOnlyResetRegistry();
57
+
58
+ private:
59
+ AuditLoggerRegistry();
60
+
61
+ static Mutex* mu;
62
+
63
+ static AuditLoggerRegistry* registry ABSL_GUARDED_BY(mu);
64
+
65
+ // The key is owned by the factory.
66
+ std::map<absl::string_view, std::unique_ptr<AuditLoggerFactory>>
67
+ logger_factories_map_ ABSL_GUARDED_BY(mu);
68
+ };
69
+
70
+ } // namespace experimental
71
+ } // namespace grpc_core
72
+
73
+ #endif // GRPC_SRC_CORE_LIB_SECURITY_AUTHORIZATION_AUDIT_LOGGING_H
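Review bot: `logger_factories_map_` is keyed by an `absl::string_view`, and the only statement of the lifetime contract is `// The key is owned by the factory.` The map's ordering and every lookup depend on that view staying valid and unchanged for as long as the factory is registered, which a factory that builds its name in a mutable or short-lived buffer would break. I would spell the requirement out on the member: `// Key is the view returned by AuditLoggerFactory::name(); it must stay valid and constant while the factory is registered.`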
@@ -20,10 +20,35 @@
20
20
  #include <map>
21
21
  #include <utility>
22
22
 
23
+ #include <grpc/support/log.h>
24
+
25
+ #include "src/core/lib/security/authorization/audit_logging.h"
26
+ #include "src/core/lib/security/authorization/authorization_engine.h"
27
+
23
28
  namespace grpc_core {
24
29
 
30
+ using experimental::AuditContext;
31
+ using experimental::AuditLoggerRegistry;
32
+
33
+ namespace {
34
+
35
+ using Decision = AuthorizationEngine::Decision;
36
+
37
+ bool ShouldLog(const Decision& decision,
38
+ const Rbac::AuditCondition& condition) {
39
+ return condition == Rbac::AuditCondition::kOnDenyAndAllow ||
40
+ (decision.type == Decision::Type::kAllow &&
41
+ condition == Rbac::AuditCondition::kOnAllow) ||
42
+ (decision.type == Decision::Type::kDeny &&
43
+ condition == Rbac::AuditCondition::kOnDeny);
44
+ }
45
+
46
+ } // namespace
47
+
25
48
  GrpcAuthorizationEngine::GrpcAuthorizationEngine(Rbac policy)
26
- : action_(policy.action) {
49
+ : name_(std::move(policy.name)),
50
+ action_(policy.action),
51
+ audit_condition_(policy.audit_condition) {
27
52
  for (auto& sub_policy : policy.policies) {
28
53
  Policy policy;
29
54
  policy.name = sub_policy.first;
@@ -31,16 +56,29 @@ GrpcAuthorizationEngine::GrpcAuthorizationEngine(Rbac policy)
31
56
  std::move(sub_policy.second));
32
57
  policies_.push_back(std::move(policy));
33
58
  }
59
+ for (auto& logger_config : policy.logger_configs) {
60
+ auto logger =
61
+ AuditLoggerRegistry::CreateAuditLogger(std::move(logger_config));
62
+ GPR_ASSERT(logger != nullptr);
63
+ audit_loggers_.push_back(std::move(logger));
64
+ }
34
65
  }
35
66
 
36
67
  GrpcAuthorizationEngine::GrpcAuthorizationEngine(
37
68
  GrpcAuthorizationEngine&& other) noexcept
38
- : action_(other.action_), policies_(std::move(other.policies_)) {}
69
+ : name_(std::move(other.name_)),
70
+ action_(other.action_),
71
+ policies_(std::move(other.policies_)),
72
+ audit_condition_(other.audit_condition_),
73
+ audit_loggers_(std::move(other.audit_loggers_)) {}
39
74
 
40
75
  GrpcAuthorizationEngine& GrpcAuthorizationEngine::operator=(
41
76
  GrpcAuthorizationEngine&& other) noexcept {
77
+ name_ = std::move(other.name_);
42
78
  action_ = other.action_;
43
79
  policies_ = std::move(other.policies_);
80
+ audit_condition_ = other.audit_condition_;
81
+ audit_loggers_ = std::move(other.audit_loggers_);
44
82
  return *this;
45
83
  }
46
84
 
@@ -58,6 +96,13 @@ AuthorizationEngine::Decision GrpcAuthorizationEngine::Evaluate(
58
96
  decision.type = (matches == (action_ == Rbac::Action::kAllow))
59
97
  ? Decision::Type::kAllow
60
98
  : Decision::Type::kDeny;
99
+ if (ShouldLog(decision, audit_condition_)) {
100
+ for (auto& logger : audit_loggers_) {
101
+ logger->Log(AuditContext(args.GetPath(), args.GetSpiffeId(), name_,
102
+ decision.matching_policy_name,
103
+ decision.type == Decision::Type::kAllow));
104
+ }
105
+ }
61
106
  return decision;
62
107
  }
63
108
 
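Review bot: The audit record built in `GrpcAuthorizationEngine::Evaluate` identifies the caller only by `args.GetSpiffeId()`, so a peer that authenticated without a SPIFFE ID would presumably be logged with an empty principal (the accessor's behaviour is not visible here). For an audit trail that is the field an investigator needs most, so the limitation should at least be stated at the call: `// Principal is the peer's SPIFFE ID; empty when the peer presents none.` The `logger->Log(...)` calls also run synchronously inside `Evaluate`, a `const` method, so every registered logger has to be safe to call from concurrent RPCs and quick enough not to stall authorization. That requirement belongs in a comment next to the loop. `Evaluate` starts outside this hunk.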
@@ -23,6 +23,8 @@
23
23
  #include <string>
24
24
  #include <vector>
25
25
 
26
+ #include <grpc/grpc_audit_logging.h>
27
+
26
28
  #include "src/core/lib/security/authorization/authorization_engine.h"
27
29
  #include "src/core/lib/security/authorization/evaluate_args.h"
28
30
  #include "src/core/lib/security/authorization/matchers.h"
@@ -30,6 +32,8 @@
30
32
 
31
33
  namespace grpc_core {
32
34
 
35
+ using experimental::AuditLogger;
36
+
33
37
  // GrpcAuthorizationEngine can be either an Allow engine or Deny engine. This
34
38
  // engine makes authorization decisions to Allow or Deny incoming RPC request
35
39
  // based on permission and principal configs in the provided RBAC policy and the
@@ -39,7 +43,8 @@ namespace grpc_core {
39
43
  class GrpcAuthorizationEngine : public AuthorizationEngine {
40
44
  public:
41
45
  // Builds GrpcAuthorizationEngine without any policies.
42
- explicit GrpcAuthorizationEngine(Rbac::Action action) : action_(action) {}
46
+ explicit GrpcAuthorizationEngine(Rbac::Action action)
47
+ : action_(action), audit_condition_(Rbac::AuditCondition::kNone) {}
43
48
  // Builds GrpcAuthorizationEngine with allow/deny RBAC policy.
44
49
  explicit GrpcAuthorizationEngine(Rbac policy);
45
50
 
@@ -51,6 +56,14 @@ class GrpcAuthorizationEngine : public AuthorizationEngine {
51
56
  // Required only for testing purpose.
52
57
  size_t num_policies() const { return policies_.size(); }
53
58
 
59
+ // Required only for testing purpose.
60
+ Rbac::AuditCondition audit_condition() const { return audit_condition_; }
61
+
62
+ // Required only for testing purpose.
63
+ const std::vector<std::unique_ptr<AuditLogger>>& audit_loggers() const {
64
+ return audit_loggers_;
65
+ }
66
+
54
67
  // Evaluates incoming request against RBAC policy and makes a decision to
55
68
  // whether allow/deny this request.
56
69
  Decision Evaluate(const EvaluateArgs& args) const override;
@@ -60,8 +73,12 @@ class GrpcAuthorizationEngine : public AuthorizationEngine {
60
73
  std::string name;
61
74
  std::unique_ptr<AuthorizationMatcher> matcher;
62
75
  };
76
+
77
+ std::string name_;
63
78
  Rbac::Action action_;
64
79
  std::vector<Policy> policies_;
80
+ Rbac::AuditCondition audit_condition_;
81
+ std::vector<std::unique_ptr<AuditLogger>> audit_loggers_;
65
82
  };
66
83
 
67
84
  } // namespace grpc_core
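Review bot: `using experimental::AuditLogger;` at new line 35 sits at namespace scope in a header, so every file that includes it gets `grpc_core::AuditLogger` as a side effect. The name is needed only by the `audit_loggers()` accessor and the `audit_loggers_` member; spelling the type out there as `std::vector<std::unique_ptr<experimental::AuditLogger>>` keeps the header from exporting it. The one-argument constructor could also drop `audit_condition_(Rbac::AuditCondition::kNone)` in favour of a default member initializer, `Rbac::AuditCondition audit_condition_ = Rbac::AuditCondition::kNone;`, so the constructors cannot disagree on the default.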
@@ -22,6 +22,7 @@
22
22
 
23
23
  #include "absl/strings/str_format.h"
24
24
  #include "absl/strings/str_join.h"
25
+ #include "absl/strings/string_view.h"
25
26
 
26
27
  namespace grpc_core {
27
28
 
@@ -29,26 +30,57 @@ namespace grpc_core {
29
30
  // Rbac
30
31
  //
31
32
 
32
- Rbac::Rbac(Rbac::Action action, std::map<std::string, Policy> policies)
33
- : action(action), policies(std::move(policies)) {}
33
+ Rbac::Rbac(std::string name, Rbac::Action action,
34
+ std::map<std::string, Policy> policies)
35
+ : name(std::move(name)),
36
+ action(action),
37
+ policies(std::move(policies)),
38
+ audit_condition(Rbac::AuditCondition::kNone) {}
34
39
 
35
40
  Rbac::Rbac(Rbac&& other) noexcept
36
- : action(other.action), policies(std::move(other.policies)) {}
41
+ : name(std::move(other.name)),
42
+ action(other.action),
43
+ policies(std::move(other.policies)),
44
+ audit_condition(other.audit_condition),
45
+ logger_configs(std::move(other.logger_configs)) {}
37
46
 
38
47
  Rbac& Rbac::operator=(Rbac&& other) noexcept {
48
+ name = std::move(other.name);
39
49
  action = other.action;
40
50
  policies = std::move(other.policies);
51
+ audit_condition = other.audit_condition;
52
+ logger_configs = std::move(other.logger_configs);
41
53
  return *this;
42
54
  }
43
55
 
44
56
  std::string Rbac::ToString() const {
45
57
  std::vector<std::string> contents;
58
+ absl::string_view condition_str;
59
+ switch (audit_condition) {
60
+ case Rbac::AuditCondition::kNone:
61
+ condition_str = "None";
62
+ break;
63
+ case AuditCondition::kOnDeny:
64
+ condition_str = "OnDeny";
65
+ break;
66
+ case AuditCondition::kOnAllow:
67
+ condition_str = "OnAllow";
68
+ break;
69
+ case AuditCondition::kOnDenyAndAllow:
70
+ condition_str = "OnDenyAndAllow";
71
+ break;
72
+ }
46
73
  contents.push_back(absl::StrFormat(
47
- "Rbac action=%s{", action == Rbac::Action::kAllow ? "Allow" : "Deny"));
74
+ "Rbac name=%s action=%s audit_condition=%s{", name,
75
+ action == Rbac::Action::kAllow ? "Allow" : "Deny", condition_str));
48
76
  for (const auto& p : policies) {
49
77
  contents.push_back(absl::StrFormat("{\n policy_name=%s\n%s\n}", p.first,
50
78
  p.second.ToString()));
51
79
  }
80
+ for (const auto& config : logger_configs) {
81
+ contents.push_back(absl::StrFormat("{\n audit_logger=%s\n%s\n}",
82
+ config->name(), config->ToString()));
83
+ }
52
84
  contents.push_back("}");
53
85
  return absl::StrJoin(contents, "\n");
54
86
  }