feat(xds): Implement CheckRequestBuilder for external authorization #12493
feat(xds): Implement CheckRequestBuilder for external authorization #12493sauravzg wants to merge 8 commits intogrpc:masterfrom
Conversation
sauravzg
changed the title
sauravzg
force-pushed
the
feat/request-builder
branch
5 times, most recently
from
7b5cd3c to
2d08a46
Compare
| /** | ||
| * Interface for building external authorization check requests. | ||
| */ | ||
| public interface CheckRequestBuilder { |
There was a problem hiding this comment.
What is the point of this interface existing? It doesn't seem to be for injection. The only time it is used with an implementation other than CheckRequestBuilderImpl seems to be as a mock... that has no calls to it within the tests. So that means it isn't used for verification or for injection of behavior.
The Factory is even more baffling.
There was a problem hiding this comment.
Removed. Had a discussion with Kannan on moving the responsibility of injection to the caller instead of the callee which somewhat made sense.
To anwer the question about FooFactory, Foo which will be a recurring pattern in the child PRs.
The idea is analogous to FilterProvider vs Filter.
Inject factories into the FilterProvider, so that when creating the interceptor these factories can return mock instances and so on. The sole advantage being unit test coverage of Interceptor construction.
xds/src/main/java/io/grpc/xds/internal/extauthz/CheckRequestBuilder.java
Outdated
Show resolved
Hide resolved
xds/src/main/java/io/grpc/xds/internal/extauthz/ExtAuthzCertificateProvider.java
Outdated
Show resolved
Hide resolved
xds/src/main/java/io/grpc/xds/internal/extauthz/ExtAuthzCertificateProvider.java
Outdated
Show resolved
Hide resolved
| } | ||
| } | ||
| } catch (java.security.cert.CertificateParsingException e) { | ||
| logger.log(Level.WARNING, "Error parsing certificate SANs. " + "This is not expected," |
There was a problem hiding this comment.
Remove the unnecessary string concatenation.
There was a problem hiding this comment.
Have reduced the log message size. But for my education, what's the correct way to avoid checkstyle errors for long strings without concatenation?
xds/src/main/java/io/grpc/xds/internal/extauthz/ExtAuthzCertificateProvider.java
Outdated
Show resolved
Hide resolved
xds/src/main/java/io/grpc/xds/internal/extauthz/CheckRequestBuilder.java
Outdated
Show resolved
Hide resolved
xds/src/main/java/io/grpc/xds/internal/extauthz/CheckRequestBuilder.java
Outdated
Show resolved
Hide resolved
xds/src/main/java/io/grpc/xds/internal/extauthz/CheckRequestBuilder.java
Outdated
Show resolved
Hide resolved
| Iterable<byte[]> binaryValues = | ||
| headers.getAll(Metadata.Key.of(key, Metadata.BINARY_BYTE_MARSHALLER)); | ||
| if (binaryValues == null) { | ||
| // Unreachable code, since we iterate over the keys. Exists for defensive programming. |
There was a problem hiding this comment.
Delete this. It means there is a bug. You've gone out of your way to use Optional for something impossible. If Optional was needed for other reasons such that you'd be reusing the error handling, I could understand it. But there's no point here, and it makes the code more likely to have bugs. Delete the Optional.
There was a problem hiding this comment.
Fixed.
But wouldn't best practices dictate to defensively program and not make any assumptions about your caller situation and make sure the method works well in isolation?
There are two cases in which the current function is incorrect in isolation now
- A new method decides to call this method without ensuring the key's presence.
- We assume "key being present" guarantees non null, which may or may not hold true depending on Metadata's implementation in theory, in which case our assumption is invalid.
This commit introduces configuration objects for the external authorization (ExtAuthz) filter and the gRPC service it uses. These classes provide a structured, immutable representation of the configuration defined in the xDS protobuf messages. The main new classes are: - `ExtAuthzConfig`: Represents the configuration for the `ExtAuthz` filter, including settings for the gRPC service, header mutation rules, and other filter behaviors. - `GrpcServiceConfig`: Represents the configuration for a gRPC service, including the target URI, credentials, and other settings. - `HeaderMutationRulesConfig`: Represents the configuration for header mutation rules. This commit also includes parsers to create these configuration objects from the corresponding protobuf messages, as well as unit tests for the new classes.
sauravzg
force-pushed
the
feat/request-builder
branch
2 times, most recently
from
b97c3be to
7afce33
Compare
|
@ejona86 PTAL. I've addressed comments. I think it should be up to spec, but I am slightly worried about
|
… the updated requirements
sauravzg
force-pushed
the
feat/request-builder
branch
2 times, most recently
from
ad1347d to
5669413
Compare
This commit introduces a library for handling header mutations as specified by the xDS protocol. This library provides the core functionality for modifying request and response headers based on a set of rules. The main components of this library are: - `HeaderMutator`: Applies header mutations to `Metadata` objects. - `HeaderMutationFilter`: Filters header mutations based on a set of configurable rules, such as disallowing mutations of system headers. - `HeaderMutations`: A value class that represents the set of mutations to be applied to request and response headers. - `HeaderMutationDisallowedException`: An exception that is thrown when a disallowed header mutation is attempted. This commit also includes comprehensive unit tests for the new library.
This commit introduces the `CheckRequestBuilder` library, which is responsible for constructing the `CheckRequest` message sent to the external authorization service. The `CheckRequestBuilder` gathers information from various sources, including: - `ServerCall` attributes (local and remote addresses, SSL session). - `MethodDescriptor` (full method name). - Request headers. It uses this information to populate the `AttributeContext` of the `CheckRequest` message, which provides the authorization service with the necessary context to make an authorization decision. This commit also introduces the `ExtAuthzCertificateProvider`, a helper class for extracting certificate information, such as the principal and PEM-encoded certificate. Unit tests for the new components are also included.
sauravzg
force-pushed
the
feat/request-builder
branch
from
5669413 to
0e70dee
Compare
2 participants
This PR sits on top of #12492, so only the last commit + any fixups need to be reviewed.
This commit introduces the
CheckRequestBuilderlibrary, which is responsible for constructing theCheckRequestmessage sent to the external authorization service.The
CheckRequestBuildergathers information from various sources, including:ServerCallattributes (local and remote addresses, SSL session).MethodDescriptor(full method name).It uses this information to populate the
AttributeContextof theCheckRequestmessage, which provides the authorization service with the necessary context to make an authorization decision.This commit also introduces the
ExtAuthzCertificateProvider, a helper class for extracting certificate information, such as the principal and PEM-encoded certificate.The relevant section of the spec is: https://github.com/grpc/proposal/pull/481/files#diff-6bb76a24aa142cc33db9218509688f01b30c8885d2fd8849f164244e68cd54eaR196-R250
Unit tests for the new components are also included.