grpc 1.55.3 → 1.56.0.pre3

data/src/core/ext/xds/file_watcher_certificate_provider_factory.cc

@@ -22,6 +22,7 @@
 
 #include <algorithm>
 #include <initializer_list>
+#include <map>
 #include <memory>
 #include <vector>
 
@@ -32,14 +33,13 @@
 #include <grpc/support/time.h>
 
 #include "src/core/lib/config/core_configuration.h"
-#include "src/core/lib/json/json_util.h"
 #include "src/core/lib/security/credentials/tls/grpc_tls_certificate_provider.h"
 
 namespace grpc_core {
 
 namespace {
 
-const char* kFileWatcherPlugin = "file_watcher";
+constexpr absl::string_view kFileWatcherPlugin = "file_watcher";
 
 }  // namespace
 
@@ -47,7 +47,7 @@ const char* kFileWatcherPlugin = "file_watcher";
 // FileWatcherCertificateProviderFactory::Config
 //
 
-const char* FileWatcherCertificateProviderFactory::Config::name() const {
+absl::string_view FileWatcherCertificateProviderFactory::Config::name() const {
   return kFileWatcherPlugin;
 }
 
@@ -71,58 +71,46 @@ std::string FileWatcherCertificateProviderFactory::Config::ToString() const {
   return absl::StrJoin(parts, "");
 }
 
-RefCountedPtr<FileWatcherCertificateProviderFactory::Config>
-FileWatcherCertificateProviderFactory::Config::Parse(const Json& config_json,
-                                                     grpc_error_handle* error) {
-  auto config = MakeRefCounted<FileWatcherCertificateProviderFactory::Config>();
-  if (config_json.type() != Json::Type::kObject) {
-    *error = GRPC_ERROR_CREATE("error:config type should be OBJECT.");
-    return nullptr;
-  }
-  std::vector<grpc_error_handle> error_list;
-  ParseJsonObjectField(config_json.object(), "certificate_file",
-                       &config->identity_cert_file_, &error_list, false);
-  ParseJsonObjectField(config_json.object(), "private_key_file",
-                       &config->private_key_file_, &error_list, false);
-  if (config->identity_cert_file_.empty() !=
-      config->private_key_file_.empty()) {
-    error_list.push_back(GRPC_ERROR_CREATE(
+const JsonLoaderInterface*
+FileWatcherCertificateProviderFactory::Config::JsonLoader(const JsonArgs&) {
+  static const auto* loader =
+      JsonObjectLoader<Config>()
+          .OptionalField("certificate_file", &Config::identity_cert_file_)
+          .OptionalField("private_key_file", &Config::private_key_file_)
+          .OptionalField("ca_certificate_file", &Config::root_cert_file_)
+          .OptionalField("refresh_interval", &Config::refresh_interval_)
+          .Finish();
+  return loader;
+}
+
+void FileWatcherCertificateProviderFactory::Config::JsonPostLoad(
+    const Json& json, const JsonArgs& /*args*/, ValidationErrors* errors) {
+  if ((json.object().find("certificate_file") == json.object().end()) !=
+      (json.object().find("private_key_file") == json.object().end())) {
+    errors->AddError(
         "fields \"certificate_file\" and \"private_key_file\" must be both set "
-        "or both unset."));
+        "or both unset");
   }
-  ParseJsonObjectField(config_json.object(), "ca_certificate_file",
-                       &config->root_cert_file_, &error_list, false);
-  if (config->identity_cert_file_.empty() && config->root_cert_file_.empty()) {
-    error_list.push_back(GRPC_ERROR_CREATE(
-        "At least one of \"certificate_file\" and \"ca_certificate_file\" must "
-        "be specified."));
-  }
-  if (!ParseJsonObjectFieldAsDuration(config_json.object(), "refresh_interval",
-                                      &config->refresh_interval_, &error_list,
-                                      false)) {
-    config->refresh_interval_ = Duration::Minutes(10);  // 10 minutes default
-  }
-  if (!error_list.empty()) {
-    *error = GRPC_ERROR_CREATE_FROM_VECTOR(
-        "Error parsing file watcher certificate provider config", &error_list);
-    return nullptr;
+  if ((json.object().find("certificate_file") == json.object().end()) &&
+      (json.object().find("ca_certificate_file") == json.object().end())) {
+    errors->AddError(
+        "at least one of \"certificate_file\" and \"ca_certificate_file\" must "
+        "be specified");
   }
-  return config;
 }
 
 //
 // FileWatcherCertificateProviderFactory
 //
 
-const char* FileWatcherCertificateProviderFactory::name() const {
+absl::string_view FileWatcherCertificateProviderFactory::name() const {
   return kFileWatcherPlugin;
 }
 
 RefCountedPtr<CertificateProviderFactory::Config>
 FileWatcherCertificateProviderFactory::CreateCertificateProviderConfig(
-    const Json& config_json, grpc_error_handle* error) {
-  return FileWatcherCertificateProviderFactory::Config::Parse(config_json,
-                                                              error);
+    const Json& config_json, const JsonArgs& args, ValidationErrors* errors) {
+  return LoadFromJson<RefCountedPtr<Config>>(config_json, args, errors);
 }
 
 RefCountedPtr<grpc_tls_certificate_provider>
@@ -130,7 +118,7 @@ FileWatcherCertificateProviderFactory::CreateCertificateProvider(
     RefCountedPtr<CertificateProviderFactory::Config> config) {
   if (config->name() != name()) {
     gpr_log(GPR_ERROR, "Wrong config type Actual:%s vs Expected:%s",
-            config->name(), name());
+            std::string(config->name()).c_str(), std::string(name()).c_str());
     return nullptr;
   }
   auto* file_watcher_config =

data/src/core/ext/xds/file_watcher_certificate_provider_factory.h

@@ -23,12 +23,16 @@
 
 #include <string>
 
+#include "absl/strings/string_view.h"
+
 #include <grpc/grpc_security.h>
 
 #include "src/core/lib/gprpp/ref_counted_ptr.h"
 #include "src/core/lib/gprpp/time.h"
-#include "src/core/lib/iomgr/error.h"
+#include "src/core/lib/gprpp/validation_errors.h"
 #include "src/core/lib/json/json.h"
+#include "src/core/lib/json/json_args.h"
+#include "src/core/lib/json/json_object_loader.h"
 #include "src/core/lib/security/certificate_provider/certificate_provider_factory.h"
 
 namespace grpc_core {
@@ -38,10 +42,7 @@ class FileWatcherCertificateProviderFactory
  public:
   class Config : public CertificateProviderFactory::Config {
    public:
-    static RefCountedPtr<Config> Parse(const Json& config_json,
-                                       grpc_error_handle* error);
-
-    const char* name() const override;
+    absl::string_view name() const override;
 
     std::string ToString() const override;
 
@@ -55,18 +56,22 @@ class FileWatcherCertificateProviderFactory
 
     Duration refresh_interval() const { return refresh_interval_; }
 
+    static const JsonLoaderInterface* JsonLoader(const JsonArgs& args);
+    void JsonPostLoad(const Json& json, const JsonArgs& args,
+                      ValidationErrors* errors);
+
    private:
     std::string identity_cert_file_;
     std::string private_key_file_;
     std::string root_cert_file_;
-    Duration refresh_interval_;
+    Duration refresh_interval_ = Duration::Minutes(10);
   };
 
-  const char* name() const override;
+  absl::string_view name() const override;
 
   RefCountedPtr<CertificateProviderFactory::Config>
-  CreateCertificateProviderConfig(const Json& config_json,
-                                  grpc_error_handle* error) override;
+  CreateCertificateProviderConfig(const Json& config_json, const JsonArgs& args,
+                                  ValidationErrors* errors) override;
 
   RefCountedPtr<grpc_tls_certificate_provider> CreateCertificateProvider(
       RefCountedPtr<CertificateProviderFactory::Config> config) override;

data/src/core/ext/xds/xds_api.cc

@@ -114,11 +114,8 @@ void PopulateMetadataValue(const XdsApiContext& context,
       google_protobuf_Value_set_string_value(
           value_pb, StdStringToUpbString(value.string()));
       break;
-    case Json::Type::kTrue:
-      google_protobuf_Value_set_bool_value(value_pb, true);
-      break;
-    case Json::Type::kFalse:
-      google_protobuf_Value_set_bool_value(value_pb, false);
+    case Json::Type::kBoolean:
+      google_protobuf_Value_set_bool_value(value_pb, value.boolean());
       break;
     case Json::Type::kObject: {
       google_protobuf_Struct* struct_value =
@@ -327,11 +324,17 @@ absl::Status XdsApi::ParseAdsResponse(absl::string_view encoded_response,
       const auto* resource_wrapper = envoy_service_discovery_v3_Resource_parse(
           serialized_resource.data(), serialized_resource.size(), arena.ptr());
       if (resource_wrapper == nullptr) {
-        parser->ResourceWrapperParsingFailed(i);
+        parser->ResourceWrapperParsingFailed(
+            i, "Can't decode Resource proto wrapper");
         continue;
       }
       const auto* resource =
           envoy_service_discovery_v3_Resource_resource(resource_wrapper);
+      if (resource == nullptr) {
+        parser->ResourceWrapperParsingFailed(
+            i, "No resource present in Resource proto wrapper");
+        continue;
+      }
       type_url = absl::StripPrefix(
           UpbStringToAbsl(google_protobuf_Any_type_url(resource)),
           "type.googleapis.com/");

data/src/core/ext/xds/xds_api.h

@@ -75,8 +75,9 @@ class XdsApi {
                                absl::string_view serialized_resource) = 0;
 
     // Called when a resource is wrapped in a Resource wrapper proto but
-    // we fail to deserialize the wrapper proto.
-    virtual void ResourceWrapperParsingFailed(size_t idx) = 0;
+    // we fail to parse the Resource wrapper.
+    virtual void ResourceWrapperParsingFailed(size_t idx,
+                                              absl::string_view message) = 0;
   };
 
   struct ClusterLoadReport {

data/src/core/ext/xds/xds_audit_logger_registry.cc

@@ -0,0 +1,122 @@
+//
+// Copyright 2023 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#include <grpc/support/port_platform.h>
+
+#include "src/core/ext/xds/xds_audit_logger_registry.h"
+
+#include <string>
+#include <utility>
+
+#include "absl/status/status.h"
+#include "absl/status/statusor.h"
+#include "absl/strings/string_view.h"
+#include "absl/types/optional.h"
+#include "envoy/config/core/v3/extension.upb.h"
+#include "envoy/config/rbac/v3/rbac.upb.h"
+
+#include "src/core/ext/xds/xds_common_types.h"
+#include "src/core/lib/gprpp/match.h"
+#include "src/core/lib/gprpp/validation_errors.h"
+#include "src/core/lib/security/authorization/audit_logging.h"
+
+namespace grpc_core {
+
+namespace {
+
+using experimental::AuditLoggerRegistry;
+
+class StdoutLoggerConfigFactory : public XdsAuditLoggerRegistry::ConfigFactory {
+ public:
+  Json::Object ConvertXdsAuditLoggerConfig(
+      const XdsResourceType::DecodeContext& /*context*/,
+      absl::string_view /*configuration*/,
+      ValidationErrors* /*errors*/) override {
+    // Stdout logger has no configuration right now. So we don't process the
+    // config protobuf.
+    return {};
+  }
+
+  absl::string_view type() override { return Type(); }
+  absl::string_view name() override { return "stdout_logger"; }
+
+  static absl::string_view Type() {
+    return "envoy.extensions.rbac.audit_loggers.stream.v3.StdoutAuditLog";
+  }
+};
+
+}  // namespace
+
+XdsAuditLoggerRegistry::XdsAuditLoggerRegistry() {
+  audit_logger_config_factories_.emplace(
+      StdoutLoggerConfigFactory::Type(),
+      std::make_unique<StdoutLoggerConfigFactory>());
+}
+
+Json XdsAuditLoggerRegistry::ConvertXdsAuditLoggerConfig(
+    const XdsResourceType::DecodeContext& context,
+    const envoy_config_rbac_v3_RBAC_AuditLoggingOptions_AuditLoggerConfig*
+        logger_config,
+    ValidationErrors* errors) const {
+  const auto* typed_extension_config =
+      envoy_config_rbac_v3_RBAC_AuditLoggingOptions_AuditLoggerConfig_audit_logger(
+          logger_config);
+  ValidationErrors::ScopedField field(errors, ".audit_logger");
+  if (typed_extension_config == nullptr) {
+    errors->AddError("field not present");
+    return Json();  // A null Json object.
+  }
+  ValidationErrors::ScopedField field2(errors, ".typed_config");
+  const auto* typed_config =
+      envoy_config_core_v3_TypedExtensionConfig_typed_config(
+          typed_extension_config);
+  auto extension = ExtractXdsExtension(context, typed_config, errors);
+  if (!extension.has_value()) return Json();
+  absl::string_view name;
+  Json config;
+  Match(
+      extension->value,
+      // Built-in logger types.
+      [&](absl::string_view serialized_value) {
+        auto it = audit_logger_config_factories_.find(extension->type);
+        if (it == audit_logger_config_factories_.end()) return;
+        name = it->second->name();
+        config = Json::FromObject(it->second->ConvertXdsAuditLoggerConfig(
+            context, serialized_value, errors));
+      },
+      // Custom logger types.
+      [&](Json json) {
+        if (!AuditLoggerRegistry::FactoryExists(extension->type)) return;
+        name = extension->type;
+        config = json;
+      });
+  // Config not found in either case if name is empty.
+  if (name.empty()) {
+    if (!envoy_config_rbac_v3_RBAC_AuditLoggingOptions_AuditLoggerConfig_is_optional(
+            logger_config)) {
+      errors->AddError("unsupported audit logger type");
+    }
+    return Json();
+  }
+  // Validate the converted config.
+  auto result = AuditLoggerRegistry::ParseConfig(name, config);
+  if (!result.ok()) {
+    errors->AddError(result.status().message());
+    return Json();
+  }
+  return Json::FromObject({{std::string(name), std::move(config)}});
+}
+}  // namespace grpc_core

data/src/core/ext/xds/xds_audit_logger_registry.h

@@ -0,0 +1,68 @@
+//
+// Copyright 2023 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+#ifndef GRPC_SRC_CORE_EXT_XDS_XDS_AUDIT_LOGGER_REGISTRY_H
+#define GRPC_SRC_CORE_EXT_XDS_XDS_AUDIT_LOGGER_REGISTRY_H
+
+#include <grpc/support/port_platform.h>
+
+#include <map>
+#include <memory>
+
+#include "absl/strings/string_view.h"
+#include "envoy/config/rbac/v3/rbac.upb.h"
+
+#include "src/core/ext/xds/xds_resource_type.h"
+#include "src/core/lib/gprpp/validation_errors.h"
+#include "src/core/lib/json/json.h"
+
+namespace grpc_core {
+
+// A registry that maintains a set of converters that are able to map xDS
+// RBAC audit logger configuration to gRPC's JSON format.
+class XdsAuditLoggerRegistry {
+ public:
+  class ConfigFactory {
+   public:
+    virtual ~ConfigFactory() = default;
+    virtual Json::Object ConvertXdsAuditLoggerConfig(
+        const XdsResourceType::DecodeContext& context,
+        absl::string_view configuration, ValidationErrors* errors) = 0;
+    // The full proto message name for the logger config.
+    virtual absl::string_view type() = 0;
+    // The logger name used for the gRPC registry.
+    virtual absl::string_view name() = 0;
+  };
+
+  XdsAuditLoggerRegistry();
+
+  Json ConvertXdsAuditLoggerConfig(
+      const XdsResourceType::DecodeContext& context,
+      const envoy_config_rbac_v3_RBAC_AuditLoggingOptions_AuditLoggerConfig*
+          logger_config,
+      ValidationErrors* errors) const;
+
+ private:
+  // A map of config factories that goes from the type of the audit logging
+  // config to the config factory.
+  std::map<absl::string_view /* Owned by ConfigFactory */,
+           std::unique_ptr<ConfigFactory>>
+      audit_logger_config_factories_;
+};
+
+}  // namespace grpc_core
+
+#endif  // GRPC_SRC_CORE_EXT_XDS_XDS_AUDIT_LOGGER_REGISTRY_H

data/src/core/ext/xds/xds_bootstrap_grpc.cc

@@ -35,6 +35,8 @@
 #include "absl/strings/string_view.h"
 #include "absl/types/optional.h"
 
+#include <grpc/support/json.h>
+
 #include "src/core/lib/config/core_configuration.h"
 #include "src/core/lib/gprpp/ref_counted_ptr.h"
 #include "src/core/lib/json/json.h"
@@ -139,7 +141,7 @@ void GrpcXdsBootstrap::GrpcXdsServer::JsonPostLoad(const Json& json,
           CoreConfiguration::Get().channel_creds_registry().IsSupported(
               creds.type)) {
         if (!CoreConfiguration::Get().channel_creds_registry().IsValidConfig(
-                creds.type, creds.config)) {
+                creds.type, Json::FromObject(creds.config))) {
           errors->AddError(absl::StrCat(
               "invalid config for channel creds type \"", creds.type, "\""));
           continue;
@@ -173,22 +175,25 @@ void GrpcXdsBootstrap::GrpcXdsServer::JsonPostLoad(const Json& json,
 }
 
 Json GrpcXdsBootstrap::GrpcXdsServer::ToJson() const {
-  Json::Object channel_creds_json{{"type", channel_creds_.type}};
+  Json::Object channel_creds_json{
+      {"type", Json::FromString(channel_creds_.type)},
+  };
   if (!channel_creds_.config.empty()) {
-    channel_creds_json["config"] = channel_creds_.config;
+    channel_creds_json["config"] = Json::FromObject(channel_creds_.config);
   }
   Json::Object json{
-      {"server_uri", server_uri_},
-      {"channel_creds", Json::Array{std::move(channel_creds_json)}},
+      {"server_uri", Json::FromString(server_uri_)},
+      {"channel_creds",
+       Json::FromArray({Json::FromObject(std::move(channel_creds_json))})},
   };
   if (!server_features_.empty()) {
     Json::Array server_features_json;
     for (auto& feature : server_features_) {
-      server_features_json.emplace_back(feature);
+      server_features_json.emplace_back(Json::FromString(feature));
     }
-    json["server_features"] = std::move(server_features_json);
+    json["server_features"] = Json::FromArray(std::move(server_features_json));
   }
-  return json;
+  return Json::FromObject(std::move(json));
 }
 
 //
@@ -254,6 +259,13 @@ const JsonLoaderInterface* GrpcXdsBootstrap::JsonLoader(const JsonArgs&) {
 void GrpcXdsBootstrap::JsonPostLoad(const Json& /*json*/,
                                     const JsonArgs& /*args*/,
                                     ValidationErrors* errors) {
+  // Verify that there is at least one server present.
+  {
+    ValidationErrors::ScopedField field(errors, ".xds_servers");
+    if (servers_.empty() && !errors->FieldHasErrors()) {
+      errors->AddError("must be non-empty");
+    }
+  }
   // Verify that each authority has the right prefix in the
   // client_listener_resource_name_template field.
   {
@@ -292,7 +304,7 @@ std::string GrpcXdsBootstrap::ToString() const {
                         "},\n",
                         node_->id(), node_->cluster(), node_->locality_region(),
                         node_->locality_zone(), node_->locality_sub_zone(),
-                        JsonDump(Json{node_->metadata()})));
+                        JsonDump(Json::FromObject(node_->metadata()))));
   }
   parts.push_back(
       absl::StrFormat("servers=[\n%s\n],\n", JsonDump(servers_[0].ToJson())));

data/src/core/ext/xds/xds_bootstrap_grpc.h

@@ -30,6 +30,7 @@
 #include "absl/types/optional.h"
 
 #include "src/core/ext/xds/certificate_provider_store.h"
+#include "src/core/ext/xds/xds_audit_logger_registry.h"
 #include "src/core/ext/xds/xds_bootstrap.h"
 #include "src/core/ext/xds/xds_cluster_specifier_plugin.h"
 #include "src/core/ext/xds/xds_http_filters.h"
@@ -161,6 +162,9 @@ class GrpcXdsBootstrap : public XdsBootstrap {
   const XdsLbPolicyRegistry& lb_policy_registry() const {
     return lb_policy_registry_;
   }
+  const XdsAuditLoggerRegistry& audit_logger_registry() const {
+    return audit_logger_registry_;
+  }
 
   // Exposed for testing purposes only.
   const std::map<std::string, GrpcAuthority>& authorities() const {
@@ -177,6 +181,7 @@ class GrpcXdsBootstrap : public XdsBootstrap {
   XdsHttpFilterRegistry http_filter_registry_;
   XdsClusterSpecifierPluginRegistry cluster_specifier_plugin_registry_;
   XdsLbPolicyRegistry lb_policy_registry_;
+  XdsAuditLoggerRegistry audit_logger_registry_;
 };
 
 }  // namespace grpc_core

data/src/core/ext/xds/xds_client.cc

@@ -152,7 +152,8 @@ class XdsClient::ChannelState::AdsCallState
                        absl::string_view serialized_resource) override
         ABSL_EXCLUSIVE_LOCKS_REQUIRED(&XdsClient::mu_);
 
-    void ResourceWrapperParsingFailed(size_t idx) override;
+    void ResourceWrapperParsingFailed(size_t idx,
+                                      absl::string_view message) override;
 
     Result TakeResult() { return std::move(result_); }
 
@@ -878,9 +879,9 @@ void XdsClient::ChannelState::AdsCallState::AdsResponseParser::ParseResource(
 }
 
 void XdsClient::ChannelState::AdsCallState::AdsResponseParser::
-    ResourceWrapperParsingFailed(size_t idx) {
-  result_.errors.emplace_back(absl::StrCat(
-      "resource index ", idx, ": Can't decode Resource proto wrapper"));
+    ResourceWrapperParsingFailed(size_t idx, absl::string_view message) {
+  result_.errors.emplace_back(
+      absl::StrCat("resource index ", idx, ": ", message));
 }
 
 //

data/src/core/ext/xds/xds_client_stats.h

@@ -239,7 +239,7 @@ class XdsClusterLocalityStats : public RefCounted<XdsClusterLocalityStats> {
   absl::string_view cluster_name_;
   absl::string_view eds_service_name_;
   RefCountedPtr<XdsLocalityName> name_;
-  PerCpu<Stats> stats_{32};
+  PerCpu<Stats> stats_{PerCpuOptions().SetMaxShards(32).SetCpusPerShard(4)};
 };
 
 }  // namespace grpc_core

data/src/core/ext/xds/xds_cluster.cc

@@ -46,6 +46,7 @@
 #include "upb/base/string_view.h"
 #include "upb/text/encode.h"
 
+#include <grpc/support/json.h>
 #include <grpc/support/log.h>
 
 #include "src/core/ext/xds/upb_utils.h"
@@ -102,8 +103,8 @@ std::string XdsClusterResource::ToString() const {
             "prioritized_cluster_names=[",
             absl::StrJoin(aggregate.prioritized_cluster_names, ", "), "]"));
       });
-  contents.push_back(
-      absl::StrCat("lb_policy_config=", JsonDump(Json{lb_policy_config})));
+  contents.push_back(absl::StrCat("lb_policy_config=",
+                                  JsonDump(Json::FromArray(lb_policy_config))));
   if (lrs_load_reporting_server.has_value()) {
     contents.push_back(absl::StrCat("lrs_load_reporting_server_name=",
                                     lrs_load_reporting_server->server_uri()));
@@ -329,7 +330,8 @@ void ParseLbPolicyConfig(const XdsResourceType::DecodeContext& context,
     if (original_error_count == errors->size()) {
       auto config = CoreConfiguration::Get()
                         .lb_policy_registry()
-                        .ParseLoadBalancingConfig(cds_update->lb_policy_config);
+                        .ParseLoadBalancingConfig(
+                            Json::FromArray(cds_update->lb_policy_config));
       if (!config.ok()) errors->AddError(config.status().message());
     }
     return;
@@ -339,17 +341,16 @@ void ParseLbPolicyConfig(const XdsResourceType::DecodeContext& context,
   if (envoy_config_cluster_v3_Cluster_lb_policy(cluster) ==
       envoy_config_cluster_v3_Cluster_ROUND_ROBIN) {
     cds_update->lb_policy_config = {
-        Json::Object{
+        Json::FromObject({
             {"xds_wrr_locality_experimental",
-             Json::Object{
-                 {"childPolicy",
-                  Json::Array{
-                      Json::Object{
-                          {"round_robin", Json::Object()},
-                      },
-                  }},
-             }},
-        },
+             Json::FromObject({
+                 {"childPolicy", Json::FromArray({
+                                     Json::FromObject({
+                                         {"round_robin", Json::FromObject({})},
+                                     }),
+                                 })},
+             })},
+        }),
     };
   } else if (envoy_config_cluster_v3_Cluster_lb_policy(cluster) ==
              envoy_config_cluster_v3_Cluster_RING_HASH) {
@@ -391,13 +392,13 @@ void ParseLbPolicyConfig(const XdsResourceType::DecodeContext& context,
       }
     }
     cds_update->lb_policy_config = {
-        Json::Object{
+        Json::FromObject({
             {"ring_hash_experimental",
-             Json::Object{
-                 {"minRingSize", min_ring_size},
-                 {"maxRingSize", max_ring_size},
-             }},
-        },
+             Json::FromObject({
+                 {"minRingSize", Json::FromNumber(min_ring_size)},
+                 {"maxRingSize", Json::FromNumber(max_ring_size)},
+             })},
+        }),
     };
   } else {
     ValidationErrors::ScopedField field(errors, ".lb_policy");

data/src/core/ext/xds/xds_cluster_specifier_plugin.cc

@@ -30,6 +30,7 @@
 #include "upb/json/encode.h"
 #include "upb/upb.hpp"
 
+#include <grpc/support/json.h>
 #include <grpc/support/log.h>
 
 #include "src/core/lib/json/json.h"
@@ -91,14 +92,16 @@ Json XdsRouteLookupClusterSpecifierPlugin::GenerateLoadBalancingPolicyConfig(
                  reinterpret_cast<char*>(buf), json_size + 1, status.ptr());
   auto json = JsonParse(reinterpret_cast<char*>(buf));
   GPR_ASSERT(json.ok());
-  return Json::Array{Json::Object{
-      {"rls_experimental",
-       Json::Object{
-           {"routeLookupConfig", std::move(*json)},
-           {"childPolicy",
-            Json::Array{Json::Object{{"cds_experimental", Json::Object()}}}},
-           {"childPolicyConfigTargetFieldName", "cluster"},
-       }}}};
+  return Json::FromArray({Json::FromObject(
+      {{"rls_experimental",
+        Json::FromObject({
+            {"routeLookupConfig", std::move(*json)},
+            {"childPolicy",
+             Json::FromArray({
+                 Json::FromObject({{"cds_experimental", Json::FromObject({})}}),
+             })},
+            {"childPolicyConfigTargetFieldName", Json::FromString("cluster")},
+        })}})});
 }
 
 //