RubyGems - grpc - Versions diffs - 1.55.0 → 1.56.0 - Mend

grpc 1.55.0 → 1.56.0

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (374) hide show

data/src/core/lib/security/authorization/rbac_policy.h CHANGED Viewed

@@ -26,18 +26,27 @@
 #include "absl/types/optional.h"
+#include <grpc/grpc_audit_logging.h>
 #include "src/core/lib/matchers/matchers.h"
 namespace grpc_core {
 // Represents Envoy RBAC Proto. [See
-// https://github.com/envoyproxy/envoy/blob/release/v1.17/api/envoy/config/rbac/v3/rbac.proto]
+// https://github.com/envoyproxy/envoy/blob/release/v1.26/api/envoy/config/rbac/v3/rbac.proto]
 struct Rbac {
   enum class Action {
     kAllow,
     kDeny,
   };
+  enum class AuditCondition {
+    kNone,
+    kOnDeny,
+    kOnAllow,
+    kOnDenyAndAllow,
+  };
   struct CidrRange {
     CidrRange() = default;
     CidrRange(std::string address_prefix, uint32_t prefix_len);
@@ -162,15 +171,23 @@ struct Rbac {
   };
   Rbac() = default;
-  Rbac(Rbac::Action action, std::map<std::string, Policy> policies);
+  Rbac(std::string name, Rbac::Action action,
+       std::map<std::string, Policy> policies);
   Rbac(Rbac&& other) noexcept;
   Rbac& operator=(Rbac&& other) noexcept;
   std::string ToString() const;
+  // The authorization policy name or the HTTP RBAC filter name.
+  std::string name;
   Action action;
   std::map<std::string, Policy> policies;
+  AuditCondition audit_condition;
+  std::vector<std::unique_ptr<experimental::AuditLoggerFactory::Config>>
+      logger_configs;
 };
 }  // namespace grpc_core

data/src/core/lib/security/authorization/stdout_logger.cc ADDED Viewed

@@ -0,0 +1,75 @@
+// Copyright 2023 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#include <grpc/support/port_platform.h>
+#include "src/core/lib/security/authorization/stdout_logger.h"
+#include <cstdio>
+#include <initializer_list>
+#include <memory>
+#include <string>
+#include "absl/status/statusor.h"
+#include "absl/strings/str_format.h"
+#include "absl/strings/string_view.h"
+#include "absl/time/clock.h"
+#include "absl/time/time.h"
+#include <grpc/grpc_audit_logging.h>
+#include <grpc/support/json.h>
+#include <grpc/support/log.h>
+namespace grpc_core {
+namespace experimental {
+namespace {
+constexpr absl::string_view kName = "stdout_logger";
+constexpr char kLogFormat[] =
+    "{\"grpc_audit_log\":{\"timestamp\":\"%s\",\"rpc_method\":\"%s\","
+    "\"principal\":\"%s\",\"policy_name\":\"%s\",\"matched_rule\":\"%s\","
+    "\"authorized\":%s}}\n";
+}  // namespace
+void StdoutAuditLogger::Log(const AuditContext& context) {
+  absl::FPrintF(stdout, kLogFormat, absl::FormatTime(absl::Now()),
+                context.rpc_method(), context.principal(),
+                context.policy_name(), context.matched_rule(),
+                context.authorized() ? "true" : "false");
+}
+absl::string_view StdoutAuditLoggerFactory::Config::name() const {
+  return kName;
+}
+std::string StdoutAuditLoggerFactory::Config::ToString() const { return "{}"; }
+absl::string_view StdoutAuditLoggerFactory::name() const { return kName; }
+absl::StatusOr<std::unique_ptr<AuditLoggerFactory::Config>>
+StdoutAuditLoggerFactory::ParseAuditLoggerConfig(const Json&) {
+  return std::make_unique<StdoutAuditLoggerFactory::Config>();
+}
+std::unique_ptr<AuditLogger> StdoutAuditLoggerFactory::CreateAuditLogger(
+    std::unique_ptr<AuditLoggerFactory::Config> config) {
+  // Sanity check.
+  GPR_ASSERT(config != nullptr && config->name() == name());
+  return std::make_unique<StdoutAuditLogger>();
+}
+}  // namespace experimental
+}  // namespace grpc_core

data/src/core/lib/security/authorization/stdout_logger.h ADDED Viewed

@@ -0,0 +1,61 @@
+// Copyright 2023 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#ifndef GRPC_SRC_CORE_LIB_SECURITY_AUTHORIZATION_STDOUT_LOGGER_H
+#define GRPC_SRC_CORE_LIB_SECURITY_AUTHORIZATION_STDOUT_LOGGER_H
+#include <grpc/support/port_platform.h>
+#include <memory>
+#include <string>
+#include "absl/status/statusor.h"
+#include "absl/strings/string_view.h"
+#include <grpc/grpc_audit_logging.h>
+#include <grpc/support/json.h>
+namespace grpc_core {
+namespace experimental {
+class StdoutAuditLogger : public AuditLogger {
+ public:
+  StdoutAuditLogger() = default;
+  absl::string_view name() const override { return "stdout_logger"; }
+  void Log(const AuditContext&) override;
+};
+class StdoutAuditLoggerFactory : public AuditLoggerFactory {
+ public:
+  class Config : public AuditLoggerFactory::Config {
+   public:
+    Config() = default;
+    absl::string_view name() const override;
+    std::string ToString() const override;
+  };
+  StdoutAuditLoggerFactory() = default;
+  absl::string_view name() const override;
+  absl::StatusOr<std::unique_ptr<AuditLoggerFactory::Config>>
+  ParseAuditLoggerConfig(const Json& json) override;
+  std::unique_ptr<AuditLogger> CreateAuditLogger(
+      std::unique_ptr<AuditLoggerFactory::Config>) override;
+};
+}  // namespace experimental
+}  // namespace grpc_core
+#endif  // GRPC_SRC_CORE_LIB_SECURITY_AUTHORIZATION_STDOUT_LOGGER_H

data/src/core/lib/security/certificate_provider/certificate_provider_factory.h CHANGED Viewed

@@ -23,12 +23,15 @@
 #include <string>
+#include "absl/strings/string_view.h"
 #include <grpc/grpc_security.h>
 #include "src/core/lib/gprpp/ref_counted.h"
 #include "src/core/lib/gprpp/ref_counted_ptr.h"
-#include "src/core/lib/iomgr/error.h"
+#include "src/core/lib/gprpp/validation_errors.h"
 #include "src/core/lib/json/json.h"
+#include "src/core/lib/json/json_args.h"
 namespace grpc_core {
@@ -43,7 +46,7 @@ class CertificateProviderFactory {
     // Name of the type of the CertificateProvider. Unique to each type of
     // config.
-    virtual const char* name() const = 0;
+    virtual absl::string_view name() const = 0;
     virtual std::string ToString() const = 0;
   };
@@ -51,10 +54,11 @@ class CertificateProviderFactory {
   virtual ~CertificateProviderFactory() = default;
   // Name of the plugin.
-  virtual const char* name() const = 0;
+  virtual absl::string_view name() const = 0;
   virtual RefCountedPtr<Config> CreateCertificateProviderConfig(
-      const Json& config_json, grpc_error_handle* error) = 0;
+      const Json& config_json, const JsonArgs& args,
+      ValidationErrors* errors) = 0;
   // Create a CertificateProvider instance from config.
   virtual RefCountedPtr<grpc_tls_certificate_provider>

data/src/core/lib/security/certificate_provider/certificate_provider_registry.cc CHANGED Viewed

@@ -20,11 +20,8 @@
 #include "src/core/lib/security/certificate_provider/certificate_provider_registry.h"
-#include <string.h>
-#include <algorithm>
+#include <string>
 #include <utility>
-#include <vector>
 #include <grpc/support/log.h>
@@ -32,29 +29,22 @@ namespace grpc_core {
 void CertificateProviderRegistry::Builder::RegisterCertificateProviderFactory(
     std::unique_ptr<CertificateProviderFactory> factory) {
+  absl::string_view name = factory->name();
   gpr_log(GPR_DEBUG, "registering certificate provider factory for \"%s\"",
-          factory->name());
-  for (size_t i = 0; i < factories_.size(); ++i) {
-    GPR_ASSERT(strcmp(factories_[i]->name(), factory->name()) != 0);
-  }
-  factories_.push_back(std::move(factory));
+          std::string(name).c_str());
+  GPR_ASSERT(factories_.emplace(name, std::move(factory)).second);
 }
 CertificateProviderRegistry CertificateProviderRegistry::Builder::Build() {
-  CertificateProviderRegistry r;
-  r.factories_ = std::move(factories_);
-  return r;
+  return CertificateProviderRegistry(std::move(factories_));
 }
 CertificateProviderFactory*
 CertificateProviderRegistry::LookupCertificateProviderFactory(
     absl::string_view name) const {
-  for (size_t i = 0; i < factories_.size(); ++i) {
-    if (name == factories_[i]->name()) {
-      return factories_[i].get();
-    }
-  }
-  return nullptr;
+  auto it = factories_.find(name);
+  if (it == factories_.end()) return nullptr;
+  return it->second.get();
 }
 }  // namespace grpc_core

data/src/core/lib/security/certificate_provider/certificate_provider_registry.h CHANGED Viewed

@@ -21,8 +21,9 @@
 #include <grpc/support/port_platform.h>
+#include <map>
 #include <memory>
-#include <vector>
+#include <utility>
 #include "absl/strings/string_view.h"
@@ -32,20 +33,24 @@ namespace grpc_core {
 // Global registry for all the certificate provider plugins.
 class CertificateProviderRegistry {
+ private:
+  using FactoryMap =
+      std::map<absl::string_view, std::unique_ptr<CertificateProviderFactory>>;
  public:
   class Builder {
    public:
-    // Register a provider with the registry. Can only be called after calling
-    // InitRegistry(). The key of the factory is extracted from factory
-    // parameter with method CertificateProviderFactory::name. If the same key
-    // is registered twice, an exception is raised.
+    // Register a provider with the registry. The key of the factory is
+    // extracted from factory parameter with method
+    // CertificateProviderFactory::name. The registry with a given name
+    // cannot be registered twice.
     void RegisterCertificateProviderFactory(
         std::unique_ptr<CertificateProviderFactory> factory);
     CertificateProviderRegistry Build();
    private:
-    std::vector<std::unique_ptr<CertificateProviderFactory>> factories_;
+    FactoryMap factories_;
   };
   CertificateProviderRegistry(const CertificateProviderRegistry&) = delete;
@@ -60,9 +65,10 @@ class CertificateProviderRegistry {
       absl::string_view name) const;
  private:
-  CertificateProviderRegistry() = default;
+  explicit CertificateProviderRegistry(FactoryMap factories)
+      : factories_(std::move(factories)) {}
-  std::vector<std::unique_ptr<CertificateProviderFactory>> factories_;
+  FactoryMap factories_;
 };
 }  // namespace grpc_core

data/src/core/lib/security/credentials/external/aws_external_account_credentials.cc CHANGED Viewed

@@ -34,6 +34,7 @@
 #include <grpc/grpc.h>
 #include <grpc/grpc_security.h>
 #include <grpc/support/alloc.h>
+#include <grpc/support/json.h>
 #include <grpc/support/log.h>
 #include <grpc/support/string_util.h>
@@ -487,19 +488,25 @@ void AwsExternalAccountCredentials::BuildSubjectToken() {
   }
   // Construct subject token
   Json::Array headers;
-  headers.push_back(Json(
-      {{"key", "Authorization"}, {"value", signed_headers["Authorization"]}}));
-  headers.push_back(Json({{"key", "host"}, {"value", signed_headers["host"]}}));
+  headers.push_back(Json::FromObject(
+      {{"key", Json::FromString("Authorization")},
+       {"value", Json::FromString(signed_headers["Authorization"])}}));
   headers.push_back(
-      Json({{"key", "x-amz-date"}, {"value", signed_headers["x-amz-date"]}}));
-  headers.push_back(Json({{"key", "x-amz-security-token"},
-                          {"value", signed_headers["x-amz-security-token"]}}));
-  headers.push_back(
-      Json({{"key", "x-goog-cloud-target-resource"}, {"value", audience_}}));
-  Json::Object object{{"url", Json(cred_verification_url_)},
-                      {"method", Json("POST")},
-                      {"headers", Json(headers)}};
-  Json subject_token_json(object);
+      Json::FromObject({{"key", Json::FromString("host")},
+                        {"value", Json::FromString(signed_headers["host"])}}));
+  headers.push_back(Json::FromObject(
+      {{"key", Json::FromString("x-amz-date")},
+       {"value", Json::FromString(signed_headers["x-amz-date"])}}));
+  headers.push_back(Json::FromObject(
+      {{"key", Json::FromString("x-amz-security-token")},
+       {"value", Json::FromString(signed_headers["x-amz-security-token"])}}));
+  headers.push_back(Json::FromObject(
+      {{"key", Json::FromString("x-goog-cloud-target-resource")},
+       {"value", Json::FromString(audience_)}}));
+  Json subject_token_json =
+      Json::FromObject({{"url", Json::FromString(cred_verification_url_)},
+                        {"method", Json::FromString("POST")},
+                        {"headers", Json::FromArray(headers)}});
   std::string subject_token = UrlEncode(JsonDump(subject_token_json));
   FinishRetrieveSubjectToken(subject_token, absl::OkStatus());
 }

data/src/core/lib/security/credentials/external/external_account_credentials.cc CHANGED Viewed

@@ -40,6 +40,7 @@
 #include <grpc/grpc.h>
 #include <grpc/grpc_security.h>
 #include <grpc/support/alloc.h>
+#include <grpc/support/json.h>
 #include <grpc/support/log.h>
 #include <grpc/support/string_util.h>
@@ -328,9 +329,10 @@ void ExternalAccountCredentials::ExchangeToken(
   Json::Object addtional_options_json_object;
   if (options_.client_id.empty() && options_.client_secret.empty()) {
     addtional_options_json_object["userProject"] =
-        options_.workforce_pool_user_project;
+        Json::FromString(options_.workforce_pool_user_project);
   }
-  Json addtional_options_json(std::move(addtional_options_json_object));
+  Json addtional_options_json =
+      Json::FromObject(std::move(addtional_options_json_object));
   body_parts.push_back(absl::StrFormat(
       "options=%s", UrlEncode(JsonDump(addtional_options_json)).c_str()));
   std::string body = absl::StrJoin(body_parts, "&");

data/src/core/lib/security/credentials/external/file_external_account_credentials.cc CHANGED Viewed

@@ -25,6 +25,7 @@
 #include "absl/strings/string_view.h"
 #include <grpc/slice.h>
+#include <grpc/support/json.h>
 #include "src/core/lib/iomgr/load_file.h"
 #include "src/core/lib/json/json.h"

data/src/core/lib/security/credentials/external/url_external_account_credentials.cc CHANGED Viewed

@@ -33,6 +33,7 @@
 #include <grpc/grpc.h>
 #include <grpc/grpc_security.h>
 #include <grpc/support/alloc.h>
+#include <grpc/support/json.h>
 #include <grpc/support/log.h>
 #include <grpc/support/string_util.h>

data/src/core/lib/security/credentials/google_default/google_default_credentials.cc CHANGED Viewed

@@ -34,6 +34,7 @@
 #include <grpc/grpc_security_constants.h>
 #include <grpc/slice.h>
 #include <grpc/support/alloc.h>
+#include <grpc/support/json.h>
 #include <grpc/support/log.h>
 #include <grpc/support/sync.h>

data/src/core/lib/security/credentials/jwt/json_token.cc CHANGED Viewed

@@ -36,6 +36,7 @@
 #include <grpc/grpc_security.h>
 #include <grpc/support/alloc.h>
+#include <grpc/support/json.h>
 #include <grpc/support/log.h>
 #include <grpc/support/time.h>
@@ -165,12 +166,12 @@ void grpc_auth_json_key_destruct(grpc_auth_json_key* json_key) {
 // --- jwt encoding and signature. ---
 static char* encoded_jwt_header(const char* key_id, const char* algorithm) {
-  Json json = Json::Object{
-      {"alg", algorithm},
-      {"typ", GRPC_JWT_TYPE},
-      {"kid", key_id},
-  };
-  std::string json_str = JsonDump(json);
+  Json json = Json::FromObject({
+      {"alg", Json::FromString(algorithm)},
+      {"typ", Json::FromString(GRPC_JWT_TYPE)},
+      {"kid", Json::FromString(key_id)},
+  });
+  std::string json_str = grpc_core::JsonDump(json);
   return grpc_base64_encode(json_str.c_str(), json_str.size(), 1, 0);
 }
@@ -185,20 +186,20 @@ static char* encoded_jwt_claim(const grpc_auth_json_key* json_key,
   }
   Json::Object object = {
-      {"iss", json_key->client_email},
-      {"aud", audience},
-      {"iat", now.tv_sec},
-      {"exp", expiration.tv_sec},
+      {"iss", Json::FromString(json_key->client_email)},
+      {"aud", Json::FromString(audience)},
+      {"iat", Json::FromNumber(now.tv_sec)},
+      {"exp", Json::FromNumber(expiration.tv_sec)},
   };
   if (scope != nullptr) {
-    object["scope"] = scope;
+    object["scope"] = Json::FromString(scope);
   } else {
     // Unscoped JWTs need a sub field.
-    object["sub"] = json_key->client_email;
+    object["sub"] = Json::FromString(json_key->client_email);
   }
-  Json json(object);
-  std::string json_str = JsonDump(json);
+  std::string json_str =
+      grpc_core::JsonDump(Json::FromObject(std::move(object)));
   return grpc_base64_encode(json_str.c_str(), json_str.size(), 1, 0);
 }

data/src/core/lib/security/credentials/jwt/jwt_credentials.cc CHANGED Viewed

@@ -30,6 +30,7 @@
 #include "absl/strings/str_cat.h"
 #include <grpc/support/alloc.h>
+#include <grpc/support/json.h>
 #include <grpc/support/log.h>
 #include <grpc/support/string_util.h>
 #include <grpc/support/sync.h>
@@ -145,9 +146,10 @@ static char* redact_private_key(const char* json_key) {
     return gpr_strdup("<Json failed to parse.>");
   }
   Json::Object object = json->object();
-  object["private_key"] = "<redacted>";
+  object["private_key"] = Json::FromString("<redacted>");
   return gpr_strdup(
-      grpc_core::JsonDump(Json(std::move(object)), /*indent=*/2).c_str());
+      grpc_core::JsonDump(Json::FromObject(std::move(object)), /*indent=*/2)
+          .c_str());
 }
 grpc_call_credentials* grpc_service_account_jwt_access_credentials_create(

data/src/core/lib/security/credentials/jwt/jwt_verifier.cc CHANGED Viewed

@@ -45,6 +45,7 @@
 #include <grpc/grpc.h>
 #include <grpc/slice.h>
 #include <grpc/support/alloc.h>
+#include <grpc/support/json.h>
 #include <grpc/support/log.h>
 #include <grpc/support/string_util.h>
 #include <grpc/support/time.h>

data/src/core/lib/security/credentials/oauth2/oauth2_credentials.cc CHANGED Viewed

@@ -39,6 +39,7 @@
 #include <grpc/grpc_security.h>
 #include <grpc/slice.h>
 #include <grpc/support/alloc.h>
+#include <grpc/support/json.h>
 #include <grpc/support/log.h>
 #include <grpc/support/string_util.h>
 #include <grpc/support/time.h>

data/src/core/lib/security/security_connector/alts/alts_security_connector.cc CHANGED Viewed

@@ -130,11 +130,7 @@ class grpc_alts_channel_security_connector final
   }
   grpc_core::ArenaPromise<absl::Status> CheckCallHost(
-      absl::string_view host, grpc_auth_context*) override {
-    if (host.empty() || host != target_name_) {
-      return grpc_core::Immediate(absl::UnauthenticatedError(
-          "ALTS call host does not match target name"));
-    }
+      absl::string_view, grpc_auth_context*) override {
     return grpc_core::ImmediateOkStatus();
   }

data/src/core/lib/security/util/json_util.cc CHANGED Viewed

@@ -26,6 +26,7 @@
 #include "absl/strings/str_cat.h"
+#include <grpc/support/json.h>
 #include <grpc/support/string_util.h>
 #include "src/core/lib/iomgr/error.h"

data/src/core/lib/service_config/service_config_call_data.h CHANGED Viewed

@@ -21,14 +21,14 @@
 #include <stddef.h>
-#include <map>
 #include <memory>
 #include <utility>
-#include "absl/strings/string_view.h"
+#include "src/core/lib/channel/context.h"
+#include "src/core/lib/gprpp/chunked_vector.h"
 #include "src/core/lib/gprpp/ref_counted_ptr.h"
 #include "src/core/lib/gprpp/unique_type_name.h"
+#include "src/core/lib/resource_quota/arena.h"
 #include "src/core/lib/service_config/service_config.h"
 #include "src/core/lib/service_config/service_config_parser.h"
@@ -38,43 +38,72 @@ namespace grpc_core {
 /// A pointer to this object is stored in the call_context
 /// GRPC_CONTEXT_SERVICE_CONFIG_CALL_DATA element, so that filters can
 /// easily access method and global parameters for the call.
+///
+/// Must be accessed when holding the call combiner (legacy filter) or from
+/// inside the activity (promise-based filter).
 class ServiceConfigCallData {
  public:
-  using CallAttributes = std::map<UniqueTypeName, absl::string_view>;
+  class CallAttributeInterface {
+   public:
+    virtual ~CallAttributeInterface() = default;
+    virtual UniqueTypeName type() const = 0;
+  };
+  ServiceConfigCallData(Arena* arena, grpc_call_context_element* call_context)
+      : call_attributes_(arena) {
+    call_context[GRPC_CONTEXT_SERVICE_CONFIG_CALL_DATA].value = this;
+    call_context[GRPC_CONTEXT_SERVICE_CONFIG_CALL_DATA].destroy = Destroy;
+  }
-  ServiceConfigCallData() : method_configs_(nullptr) {}
+  virtual ~ServiceConfigCallData() = default;
-  ServiceConfigCallData(
+  void SetServiceConfig(
       RefCountedPtr<ServiceConfig> service_config,
-      const ServiceConfigParser::ParsedConfigVector* method_configs,
-      CallAttributes call_attributes)
-      : service_config_(std::move(service_config)),
-        method_configs_(method_configs),
-        call_attributes_(std::move(call_attributes)) {}
+      const ServiceConfigParser::ParsedConfigVector* method_configs) {
+    service_config_ = std::move(service_config);
+    method_configs_ = method_configs;
+  }
   ServiceConfig* service_config() { return service_config_.get(); }
   ServiceConfigParser::ParsedConfig* GetMethodParsedConfig(size_t index) const {
-    return method_configs_ != nullptr ? (*method_configs_)[index].get()
-                                      : nullptr;
+    if (method_configs_ == nullptr) return nullptr;
+    return (*method_configs_)[index].get();
   }
   ServiceConfigParser::ParsedConfig* GetGlobalParsedConfig(size_t index) const {
+    if (service_config_ == nullptr) return nullptr;
     return service_config_->GetGlobalParsedConfig(index);
   }
-  const CallAttributes& call_attributes() const { return call_attributes_; }
+  void SetCallAttribute(CallAttributeInterface* value) {
+    // Overwrite existing entry if we already have one for this type.
+    for (CallAttributeInterface*& attribute : call_attributes_) {
+      if (value->type() == attribute->type()) {
+        attribute = value;
+        return;
+      }
+    }
+    // Otherwise, add a new entry.
+    call_attributes_.EmplaceBack(value);
+  }
-  // Must be called when holding the call combiner (legacy filter) or from
-  // inside the activity (promise-based filter).
-  void SetCallAttribute(UniqueTypeName name, absl::string_view value) {
-    call_attributes_[name] = value;
+  CallAttributeInterface* GetCallAttribute(UniqueTypeName type) const {
+    for (CallAttributeInterface* attribute : call_attributes_) {
+      if (attribute->type() == type) return attribute;
+    }
+    return nullptr;
   }
  private:
+  static void Destroy(void* ptr) {
+    auto* self = static_cast<ServiceConfigCallData*>(ptr);
+    self->~ServiceConfigCallData();
+  }
   RefCountedPtr<ServiceConfig> service_config_;
-  const ServiceConfigParser::ParsedConfigVector* method_configs_;
-  CallAttributes call_attributes_;
+  const ServiceConfigParser::ParsedConfigVector* method_configs_ = nullptr;
+  ChunkedVector<CallAttributeInterface*, 4> call_attributes_;
 };
 }  // namespace grpc_core