RubyGems - grpc - Versions diffs - 1.55.3 → 1.56.0.pre3 - Mend

grpc 1.55.3 → 1.56.0.pre3

Potentially problematic release.

This version of grpc might be problematic. Click here for more details.

Files changed (385) hide show

data/src/core/lib/resolver/server_address.cc CHANGED Viewed

@@ -57,14 +57,6 @@ ServerAddress::ServerAddress(
     std::map<const char*, std::unique_ptr<AttributeInterface>> attributes)
     : address_(address), args_(args), attributes_(std::move(attributes)) {}
-ServerAddress::ServerAddress(
-    const void* address, size_t address_len, const ChannelArgs& args,
-    std::map<const char*, std::unique_ptr<AttributeInterface>> attributes)
-    : args_(args), attributes_(std::move(attributes)) {
-  memcpy(address_.addr, address, address_len);
-  address_.len = static_cast<socklen_t>(address_len);
-}
 ServerAddress::ServerAddress(const ServerAddress& other)
     : address_(other.address_), args_(other.args_) {
   for (const auto& p : other.attributes_) {

data/src/core/lib/resolver/server_address.h CHANGED Viewed

@@ -21,7 +21,6 @@
 #include <grpc/support/port_platform.h>
-#include <stddef.h>
 #include <stdint.h>
 #include <map>
@@ -65,14 +64,9 @@ class ServerAddress {
     virtual std::string ToString() const = 0;
   };
-  // Takes ownership of args.
   ServerAddress(const grpc_resolved_address& address, const ChannelArgs& args,
                 std::map<const char*, std::unique_ptr<AttributeInterface>>
                     attributes = {});
-  ServerAddress(const void* address, size_t address_len,
-                const ChannelArgs& args,
-                std::map<const char*, std::unique_ptr<AttributeInterface>>
-                    attributes = {});
   // Copyable.
   ServerAddress(const ServerAddress& other);

data/src/core/lib/resource_quota/memory_quota.cc CHANGED Viewed

@@ -453,7 +453,7 @@ void BasicMemoryQuota::AddNewAllocator(GrpcMemoryAllocatorImpl* allocator) {
   AllocatorBucket::Shard& shard = small_allocators_.SelectShard(allocator);
   {
-    absl::MutexLock l(&shard.shard_mu);
+    MutexLock l(&shard.shard_mu);
     shard.allocators.emplace(allocator);
   }
 }
@@ -467,7 +467,7 @@ void BasicMemoryQuota::RemoveAllocator(GrpcMemoryAllocatorImpl* allocator) {
       small_allocators_.SelectShard(allocator);
   {
-    absl::MutexLock l(&small_shard.shard_mu);
+    MutexLock l(&small_shard.shard_mu);
     if (small_shard.allocators.erase(allocator) == 1) {
       return;
     }
@@ -476,7 +476,7 @@ void BasicMemoryQuota::RemoveAllocator(GrpcMemoryAllocatorImpl* allocator) {
   AllocatorBucket::Shard& big_shard = big_allocators_.SelectShard(allocator);
   {
-    absl::MutexLock l(&big_shard.shard_mu);
+    MutexLock l(&big_shard.shard_mu);
     big_shard.allocators.erase(allocator);
   }
 }
@@ -513,14 +513,14 @@ void BasicMemoryQuota::MaybeMoveAllocatorBigToSmall(
   AllocatorBucket::Shard& old_shard = big_allocators_.SelectShard(allocator);
   {
-    absl::MutexLock l(&old_shard.shard_mu);
+    MutexLock l(&old_shard.shard_mu);
     if (old_shard.allocators.erase(allocator) == 0) return;
   }
   AllocatorBucket::Shard& new_shard = small_allocators_.SelectShard(allocator);
   {
-    absl::MutexLock l(&new_shard.shard_mu);
+    MutexLock l(&new_shard.shard_mu);
     new_shard.allocators.emplace(allocator);
   }
 }
@@ -534,14 +534,14 @@ void BasicMemoryQuota::MaybeMoveAllocatorSmallToBig(
   AllocatorBucket::Shard& old_shard = small_allocators_.SelectShard(allocator);
   {
-    absl::MutexLock l(&old_shard.shard_mu);
+    MutexLock l(&old_shard.shard_mu);
     if (old_shard.allocators.erase(allocator) == 0) return;
   }
   AllocatorBucket::Shard& new_shard = big_allocators_.SelectShard(allocator);
   {
-    absl::MutexLock l(&new_shard.shard_mu);
+    MutexLock l(&new_shard.shard_mu);
     new_shard.allocators.emplace(allocator);
   }
 }

data/src/core/lib/resource_quota/memory_quota.h CHANGED Viewed

@@ -30,7 +30,6 @@
 #include "absl/base/thread_annotations.h"
 #include "absl/container/flat_hash_set.h"
 #include "absl/strings/string_view.h"
-#include "absl/synchronization/mutex.h"
 #include "absl/types/optional.h"
 #include <grpc/event_engine/memory_allocator.h>
@@ -340,7 +339,7 @@ class BasicMemoryQuota final
     struct Shard {
       absl::flat_hash_set<GrpcMemoryAllocatorImpl*> allocators
           ABSL_GUARDED_BY(shard_mu);
-      absl::Mutex shard_mu;
+      Mutex shard_mu;
     };
     Shard& SelectShard(void* key) {

data/src/core/lib/security/authorization/audit_logging.cc ADDED Viewed

@@ -0,0 +1,98 @@
+//
+//
+// Copyright 2023 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+#include <grpc/support/port_platform.h>
+#include "src/core/lib/security/authorization/audit_logging.h"
+#include <initializer_list>
+#include <map>
+#include <memory>
+#include <utility>
+#include "absl/status/status.h"
+#include "absl/status/statusor.h"
+#include "absl/strings/str_format.h"
+#include "absl/strings/string_view.h"
+#include <grpc/grpc_audit_logging.h>
+#include <grpc/support/json.h>
+#include <grpc/support/log.h>
+#include "src/core/lib/gprpp/sync.h"
+#include "src/core/lib/security/authorization/stdout_logger.h"
+namespace grpc_core {
+namespace experimental {
+Mutex* AuditLoggerRegistry::mu = new Mutex();
+AuditLoggerRegistry* AuditLoggerRegistry::registry = new AuditLoggerRegistry();
+AuditLoggerRegistry::AuditLoggerRegistry() {
+  auto factory = std::make_unique<StdoutAuditLoggerFactory>();
+  absl::string_view name = factory->name();
+  GPR_ASSERT(logger_factories_map_.emplace(name, std::move(factory)).second);
+}
+void AuditLoggerRegistry::RegisterFactory(
+    std::unique_ptr<AuditLoggerFactory> factory) {
+  GPR_ASSERT(factory != nullptr);
+  MutexLock lock(mu);
+  absl::string_view name = factory->name();
+  GPR_ASSERT(
+      registry->logger_factories_map_.emplace(name, std::move(factory)).second);
+}
+bool AuditLoggerRegistry::FactoryExists(absl::string_view name) {
+  MutexLock lock(mu);
+  return registry->logger_factories_map_.find(name) !=
+         registry->logger_factories_map_.end();
+}
+absl::StatusOr<std::unique_ptr<AuditLoggerFactory::Config>>
+AuditLoggerRegistry::ParseConfig(absl::string_view name, const Json& json) {
+  MutexLock lock(mu);
+  auto it = registry->logger_factories_map_.find(name);
+  if (it == registry->logger_factories_map_.end()) {
+    return absl::NotFoundError(
+        absl::StrFormat("audit logger factory for %s does not exist", name));
+  }
+  return it->second->ParseAuditLoggerConfig(json);
+}
+std::unique_ptr<AuditLogger> AuditLoggerRegistry::CreateAuditLogger(
+    std::unique_ptr<AuditLoggerFactory::Config> config) {
+  MutexLock lock(mu);
+  auto it = registry->logger_factories_map_.find(config->name());
+  GPR_ASSERT(it != registry->logger_factories_map_.end());
+  return it->second->CreateAuditLogger(std::move(config));
+}
+void AuditLoggerRegistry::TestOnlyResetRegistry() {
+  MutexLock lock(mu);
+  delete registry;
+  registry = new AuditLoggerRegistry();
+}
+void RegisterAuditLoggerFactory(std::unique_ptr<AuditLoggerFactory> factory) {
+  AuditLoggerRegistry::RegisterFactory(std::move(factory));
+}
+}  // namespace experimental
+}  // namespace grpc_core

data/src/core/lib/security/authorization/audit_logging.h ADDED Viewed

@@ -0,0 +1,73 @@
+//
+//
+// Copyright 2023 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+//
+#ifndef GRPC_SRC_CORE_LIB_SECURITY_AUTHORIZATION_AUDIT_LOGGING_H
+#define GRPC_SRC_CORE_LIB_SECURITY_AUTHORIZATION_AUDIT_LOGGING_H
+#include <grpc/support/port_platform.h>
+#include <map>
+#include <memory>
+#include "absl/base/thread_annotations.h"
+#include "absl/status/statusor.h"
+#include "absl/strings/string_view.h"
+#include <grpc/grpc_audit_logging.h>
+#include <grpc/support/json.h>
+#include "src/core/lib/gprpp/sync.h"
+namespace grpc_core {
+namespace experimental {
+class AuditLoggerRegistry {
+ public:
+  static void RegisterFactory(std::unique_ptr<AuditLoggerFactory>);
+  static bool FactoryExists(absl::string_view name);
+  static absl::StatusOr<std::unique_ptr<AuditLoggerFactory::Config>>
+  ParseConfig(absl::string_view name, const Json& json);
+  // This assume the given config is parsed and validated already.
+  // Therefore, it should always succeed in creating a logger.
+  static std::unique_ptr<AuditLogger> CreateAuditLogger(
+      std::unique_ptr<AuditLoggerFactory::Config>);
+  // Factories are registered during initialization. They should never be
+  // unregistered since they will be looked up at any time till the program
+  // exits. This function should only be used in tests to clear the registry.
+  static void TestOnlyResetRegistry();
+ private:
+  AuditLoggerRegistry();
+  static Mutex* mu;
+  static AuditLoggerRegistry* registry ABSL_GUARDED_BY(mu);
+  // The key is owned by the factory.
+  std::map<absl::string_view, std::unique_ptr<AuditLoggerFactory>>
+      logger_factories_map_ ABSL_GUARDED_BY(mu);
+};
+}  // namespace experimental
+}  // namespace grpc_core
+#endif  // GRPC_SRC_CORE_LIB_SECURITY_AUTHORIZATION_AUDIT_LOGGING_H

data/src/core/lib/security/authorization/grpc_authorization_engine.cc CHANGED Viewed

@@ -20,10 +20,35 @@
 #include <map>
 #include <utility>
+#include <grpc/support/log.h>
+#include "src/core/lib/security/authorization/audit_logging.h"
+#include "src/core/lib/security/authorization/authorization_engine.h"
 namespace grpc_core {
+using experimental::AuditContext;
+using experimental::AuditLoggerRegistry;
+namespace {
+using Decision = AuthorizationEngine::Decision;
+bool ShouldLog(const Decision& decision,
+               const Rbac::AuditCondition& condition) {
+  return condition == Rbac::AuditCondition::kOnDenyAndAllow ||
+         (decision.type == Decision::Type::kAllow &&
+          condition == Rbac::AuditCondition::kOnAllow) ||
+         (decision.type == Decision::Type::kDeny &&
+          condition == Rbac::AuditCondition::kOnDeny);
+}
+}  // namespace
 GrpcAuthorizationEngine::GrpcAuthorizationEngine(Rbac policy)
-    : action_(policy.action) {
+    : name_(std::move(policy.name)),
+      action_(policy.action),
+      audit_condition_(policy.audit_condition) {
   for (auto& sub_policy : policy.policies) {
     Policy policy;
     policy.name = sub_policy.first;
@@ -31,16 +56,29 @@ GrpcAuthorizationEngine::GrpcAuthorizationEngine(Rbac policy)
         std::move(sub_policy.second));
     policies_.push_back(std::move(policy));
   }
+  for (auto& logger_config : policy.logger_configs) {
+    auto logger =
+        AuditLoggerRegistry::CreateAuditLogger(std::move(logger_config));
+    GPR_ASSERT(logger != nullptr);
+    audit_loggers_.push_back(std::move(logger));
+  }
 }
 GrpcAuthorizationEngine::GrpcAuthorizationEngine(
     GrpcAuthorizationEngine&& other) noexcept
-    : action_(other.action_), policies_(std::move(other.policies_)) {}
+    : name_(std::move(other.name_)),
+      action_(other.action_),
+      policies_(std::move(other.policies_)),
+      audit_condition_(other.audit_condition_),
+      audit_loggers_(std::move(other.audit_loggers_)) {}
 GrpcAuthorizationEngine& GrpcAuthorizationEngine::operator=(
     GrpcAuthorizationEngine&& other) noexcept {
+  name_ = std::move(other.name_);
   action_ = other.action_;
   policies_ = std::move(other.policies_);
+  audit_condition_ = other.audit_condition_;
+  audit_loggers_ = std::move(other.audit_loggers_);
   return *this;
 }
@@ -58,6 +96,13 @@ AuthorizationEngine::Decision GrpcAuthorizationEngine::Evaluate(
   decision.type = (matches == (action_ == Rbac::Action::kAllow))
                       ? Decision::Type::kAllow
                       : Decision::Type::kDeny;
+  if (ShouldLog(decision, audit_condition_)) {
+    for (auto& logger : audit_loggers_) {
+      logger->Log(AuditContext(args.GetPath(), args.GetSpiffeId(), name_,
+                               decision.matching_policy_name,
+                               decision.type == Decision::Type::kAllow));
+    }
+  }
   return decision;
 }

data/src/core/lib/security/authorization/grpc_authorization_engine.h CHANGED Viewed

@@ -23,6 +23,8 @@
 #include <string>
 #include <vector>
+#include <grpc/grpc_audit_logging.h>
 #include "src/core/lib/security/authorization/authorization_engine.h"
 #include "src/core/lib/security/authorization/evaluate_args.h"
 #include "src/core/lib/security/authorization/matchers.h"
@@ -30,6 +32,8 @@
 namespace grpc_core {
+using experimental::AuditLogger;
 // GrpcAuthorizationEngine can be either an Allow engine or Deny engine. This
 // engine makes authorization decisions to Allow or Deny incoming RPC request
 // based on permission and principal configs in the provided RBAC policy and the
@@ -39,7 +43,8 @@ namespace grpc_core {
 class GrpcAuthorizationEngine : public AuthorizationEngine {
  public:
   // Builds GrpcAuthorizationEngine without any policies.
-  explicit GrpcAuthorizationEngine(Rbac::Action action) : action_(action) {}
+  explicit GrpcAuthorizationEngine(Rbac::Action action)
+      : action_(action), audit_condition_(Rbac::AuditCondition::kNone) {}
   // Builds GrpcAuthorizationEngine with allow/deny RBAC policy.
   explicit GrpcAuthorizationEngine(Rbac policy);
@@ -51,6 +56,14 @@ class GrpcAuthorizationEngine : public AuthorizationEngine {
   // Required only for testing purpose.
   size_t num_policies() const { return policies_.size(); }
+  // Required only for testing purpose.
+  Rbac::AuditCondition audit_condition() const { return audit_condition_; }
+  // Required only for testing purpose.
+  const std::vector<std::unique_ptr<AuditLogger>>& audit_loggers() const {
+    return audit_loggers_;
+  }
   // Evaluates incoming request against RBAC policy and makes a decision to
   // whether allow/deny this request.
   Decision Evaluate(const EvaluateArgs& args) const override;
@@ -60,8 +73,12 @@ class GrpcAuthorizationEngine : public AuthorizationEngine {
     std::string name;
     std::unique_ptr<AuthorizationMatcher> matcher;
   };
+  std::string name_;
   Rbac::Action action_;
   std::vector<Policy> policies_;
+  Rbac::AuditCondition audit_condition_;
+  std::vector<std::unique_ptr<AuditLogger>> audit_loggers_;
 };
 }  // namespace grpc_core

data/src/core/lib/security/authorization/rbac_policy.cc CHANGED Viewed

@@ -22,6 +22,7 @@
 #include "absl/strings/str_format.h"
 #include "absl/strings/str_join.h"
+#include "absl/strings/string_view.h"
 namespace grpc_core {
@@ -29,26 +30,57 @@ namespace grpc_core {
 // Rbac
 //
-Rbac::Rbac(Rbac::Action action, std::map<std::string, Policy> policies)
-    : action(action), policies(std::move(policies)) {}
+Rbac::Rbac(std::string name, Rbac::Action action,
+           std::map<std::string, Policy> policies)
+    : name(std::move(name)),
+      action(action),
+      policies(std::move(policies)),
+      audit_condition(Rbac::AuditCondition::kNone) {}
 Rbac::Rbac(Rbac&& other) noexcept
-    : action(other.action), policies(std::move(other.policies)) {}
+    : name(std::move(other.name)),
+      action(other.action),
+      policies(std::move(other.policies)),
+      audit_condition(other.audit_condition),
+      logger_configs(std::move(other.logger_configs)) {}
 Rbac& Rbac::operator=(Rbac&& other) noexcept {
+  name = std::move(other.name);
   action = other.action;
   policies = std::move(other.policies);
+  audit_condition = other.audit_condition;
+  logger_configs = std::move(other.logger_configs);
   return *this;
 }
 std::string Rbac::ToString() const {
   std::vector<std::string> contents;
+  absl::string_view condition_str;
+  switch (audit_condition) {
+    case Rbac::AuditCondition::kNone:
+      condition_str = "None";
+      break;
+    case AuditCondition::kOnDeny:
+      condition_str = "OnDeny";
+      break;
+    case AuditCondition::kOnAllow:
+      condition_str = "OnAllow";
+      break;
+    case AuditCondition::kOnDenyAndAllow:
+      condition_str = "OnDenyAndAllow";
+      break;
+  }
   contents.push_back(absl::StrFormat(
-      "Rbac action=%s{", action == Rbac::Action::kAllow ? "Allow" : "Deny"));
+      "Rbac name=%s action=%s audit_condition=%s{", name,
+      action == Rbac::Action::kAllow ? "Allow" : "Deny", condition_str));
   for (const auto& p : policies) {
     contents.push_back(absl::StrFormat("{\n  policy_name=%s\n%s\n}", p.first,
                                        p.second.ToString()));
   }
+  for (const auto& config : logger_configs) {
+    contents.push_back(absl::StrFormat("{\n  audit_logger=%s\n%s\n}",
+                                       config->name(), config->ToString()));
+  }
   contents.push_back("}");
   return absl::StrJoin(contents, "\n");
 }

data/src/core/lib/security/authorization/rbac_policy.h CHANGED Viewed

@@ -26,18 +26,27 @@
 #include "absl/types/optional.h"
+#include <grpc/grpc_audit_logging.h>
 #include "src/core/lib/matchers/matchers.h"
 namespace grpc_core {
 // Represents Envoy RBAC Proto. [See
-// https://github.com/envoyproxy/envoy/blob/release/v1.17/api/envoy/config/rbac/v3/rbac.proto]
+// https://github.com/envoyproxy/envoy/blob/release/v1.26/api/envoy/config/rbac/v3/rbac.proto]
 struct Rbac {
   enum class Action {
     kAllow,
     kDeny,
   };
+  enum class AuditCondition {
+    kNone,
+    kOnDeny,
+    kOnAllow,
+    kOnDenyAndAllow,
+  };
   struct CidrRange {
     CidrRange() = default;
     CidrRange(std::string address_prefix, uint32_t prefix_len);
@@ -162,15 +171,23 @@ struct Rbac {
   };
   Rbac() = default;
-  Rbac(Rbac::Action action, std::map<std::string, Policy> policies);
+  Rbac(std::string name, Rbac::Action action,
+       std::map<std::string, Policy> policies);
   Rbac(Rbac&& other) noexcept;
   Rbac& operator=(Rbac&& other) noexcept;
   std::string ToString() const;
+  // The authorization policy name or the HTTP RBAC filter name.
+  std::string name;
   Action action;
   std::map<std::string, Policy> policies;
+  AuditCondition audit_condition;
+  std::vector<std::unique_ptr<experimental::AuditLoggerFactory::Config>>
+      logger_configs;
 };
 }  // namespace grpc_core

data/src/core/lib/security/authorization/stdout_logger.cc ADDED Viewed

@@ -0,0 +1,75 @@
+// Copyright 2023 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#include <grpc/support/port_platform.h>
+#include "src/core/lib/security/authorization/stdout_logger.h"
+#include <cstdio>
+#include <initializer_list>
+#include <memory>
+#include <string>
+#include "absl/status/statusor.h"
+#include "absl/strings/str_format.h"
+#include "absl/strings/string_view.h"
+#include "absl/time/clock.h"
+#include "absl/time/time.h"
+#include <grpc/grpc_audit_logging.h>
+#include <grpc/support/json.h>
+#include <grpc/support/log.h>
+namespace grpc_core {
+namespace experimental {
+namespace {
+constexpr absl::string_view kName = "stdout_logger";
+constexpr char kLogFormat[] =
+    "{\"grpc_audit_log\":{\"timestamp\":\"%s\",\"rpc_method\":\"%s\","
+    "\"principal\":\"%s\",\"policy_name\":\"%s\",\"matched_rule\":\"%s\","
+    "\"authorized\":%s}}\n";
+}  // namespace
+void StdoutAuditLogger::Log(const AuditContext& context) {
+  absl::FPrintF(stdout, kLogFormat, absl::FormatTime(absl::Now()),
+                context.rpc_method(), context.principal(),
+                context.policy_name(), context.matched_rule(),
+                context.authorized() ? "true" : "false");
+}
+absl::string_view StdoutAuditLoggerFactory::Config::name() const {
+  return kName;
+}
+std::string StdoutAuditLoggerFactory::Config::ToString() const { return "{}"; }
+absl::string_view StdoutAuditLoggerFactory::name() const { return kName; }
+absl::StatusOr<std::unique_ptr<AuditLoggerFactory::Config>>
+StdoutAuditLoggerFactory::ParseAuditLoggerConfig(const Json&) {
+  return std::make_unique<StdoutAuditLoggerFactory::Config>();
+}
+std::unique_ptr<AuditLogger> StdoutAuditLoggerFactory::CreateAuditLogger(
+    std::unique_ptr<AuditLoggerFactory::Config> config) {
+  // Sanity check.
+  GPR_ASSERT(config != nullptr && config->name() == name());
+  return std::make_unique<StdoutAuditLogger>();
+}
+}  // namespace experimental
+}  // namespace grpc_core

data/src/core/lib/security/authorization/stdout_logger.h ADDED Viewed

@@ -0,0 +1,61 @@
+// Copyright 2023 gRPC authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#ifndef GRPC_SRC_CORE_LIB_SECURITY_AUTHORIZATION_STDOUT_LOGGER_H
+#define GRPC_SRC_CORE_LIB_SECURITY_AUTHORIZATION_STDOUT_LOGGER_H
+#include <grpc/support/port_platform.h>
+#include <memory>
+#include <string>
+#include "absl/status/statusor.h"
+#include "absl/strings/string_view.h"
+#include <grpc/grpc_audit_logging.h>
+#include <grpc/support/json.h>
+namespace grpc_core {
+namespace experimental {
+class StdoutAuditLogger : public AuditLogger {
+ public:
+  StdoutAuditLogger() = default;
+  absl::string_view name() const override { return "stdout_logger"; }
+  void Log(const AuditContext&) override;
+};
+class StdoutAuditLoggerFactory : public AuditLoggerFactory {
+ public:
+  class Config : public AuditLoggerFactory::Config {
+   public:
+    Config() = default;
+    absl::string_view name() const override;
+    std::string ToString() const override;
+  };
+  StdoutAuditLoggerFactory() = default;
+  absl::string_view name() const override;
+  absl::StatusOr<std::unique_ptr<AuditLoggerFactory::Config>>
+  ParseAuditLoggerConfig(const Json& json) override;
+  std::unique_ptr<AuditLogger> CreateAuditLogger(
+      std::unique_ptr<AuditLoggerFactory::Config>) override;
+};
+}  // namespace experimental
+}  // namespace grpc_core
+#endif  // GRPC_SRC_CORE_LIB_SECURITY_AUTHORIZATION_STDOUT_LOGGER_H